Methods and apparatus for biometric verification

ABSTRACT

Aspects of the present disclosure include methods for generating a sampled profile including a plurality of sampling points having a plurality of characteristic values associated with the detected non-visible light, identifying one or more macroblocks each includes a subset of the plurality of sampling points, calculating a number of occurrences of the local pattern value within each subset of the plurality of the sampling points for each of the one or more macroblocks, generating a first array including a plurality of weighted values by calculating the plurality of weighted values based on the numbers of occurrences of the local pattern value and corresponding sizes of the one or more macroblocks, assigning a unique index to each of the plurality of weighted values, generating a second array of the unique index by ranking the plurality of weighted values, and generating a third array including a plurality of ranking distances.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a Continuation-in-Part of U.S. patent applicationSer. No. 16/104,826, filed on Aug. 17, 2018, which is aContinuation-in-Part of U.S. patent application Ser. No. 15/649,144,filed on Jul. 13, 2017, which is a Continuation of U.S. patentapplication Ser. No. 14/022,080, filed on Sep. 9, 2013, now U.S. Pat.No. 9,740,917, issued Aug. 22, 2017, which claims the benefit of U.S.Provisional Application No. 61/792,922, filed on Mar. 15, 2013, and U.S.Provisional Application No. 61/698,347, filed on Sep. 7, 2012, thecontents of which are incorporated by reference it their entireties.

BACKGROUND

There has been a growing need for stronger identity verification toprotect personal property, both physical and electronic. For example, itis important to control access to premises, vehicles, and personalproperty so that only authorized requesters are allowed access. Arequester may be a user/person that requests access to an accesscontrolled assets and/or infrastructure. In a traditional example, arequester may carry and use a key, which is designed to fit a lock toallow the requester of the key to open the lock and gain entry. A lossor damage to the key, however, can render access impossible. In anotherexample, a requester may use a key fob to remotely lock or unlock thedoors of a vehicle by, e.g., pressing a button on the fob to generate aninfrared (“IR”) or radio frequency (“RF”) signal, which is detected by asensor in the vehicle, which controls the doors. Such vehicle keylessaccess systems may require the requester to operate the ignition system.Other similar keyless access implementations may involve inserting andpresenting a magnetic card or the like in a slot or a cardreader/detector, or enabling an authorized requester to key in a numericor alphanumeric code on a provided keypad. In each of these conventionaltechniques, however, it is very difficult to determine if the personholding the key/card is the actual authorized requester. An imposter maysteal or duplicate a valid key and gain unauthorized accesses to thepremise, vehicle, and/or personal property.

While traditional biometrics access control systems may mitigate someshortcomings of keys/cards-based access control systems, there may belimitations as well. Traditional biometric sensors, such as irisdetection sensors, may be limited to specific light conditionssignificantly reducing both the effectiveness of the biometric sensor aswell as the possible environments to apply same. The performance ofbiometric sensors may be compromised in direct sunlight due to glares,shadows, and other artifacts. Even with the emergence of mega-pixelcamera technology, the features of each face may be obscured by ambientlighting, the position of the face, changes to the face, the backgroundbehind the face and the quality of the camera. Motion blur, insufficientresolution, environmental impacts, lighting, background, and cameraangles collude to obscure subject details, making heterogeneous facialrecognition (the matching of video and other probe images to largedatabases of frontal photographs) difficult.

Other factors may also increase the false acceptance and/or falserecognition rates of traditional biometric sensors. For example,biometric sensors also have difficulties obtaining the necessary data inthe absence of light. Light source shadowing and other changes inintensity may create contrasts on the face that may be misinterpreted asfacial features, and/or slightly distort the measurement of the realfacial features. Another major source of inaccuracy is the increasedprobability of similar measured features between faces in a growingpopulation. Further, the problem of capturing the features of each facemay be compounded by the desire for low maintenance and/or lowcomplexity facial recognition systems. Therefore, improvement in accesscontrol may be desired.

SUMMARY

The following presents a simplified summary of one or more aspects inorder to provide a basic understanding of such aspects. This summary isnot an extensive overview of all contemplated aspects, and is intendedto neither identify key or critical elements of all aspects nordelineate the scope of any or all aspects. Its sole purpose is topresent some concepts of one or more aspects in a simplified form as aprelude to the more detailed description that is presented later.

Some aspects of the present disclosure include methods for generating asampled profile including a plurality of sampling points having aplurality of characteristic values associated with the detectednon-visible light, identifying one or more macroblocks each includes asubset of the plurality of sampling points, selecting a local patternvalue, calculating a number of occurrences of the local pattern valuewithin each subset of the plurality of the sampling points for each ofthe one or more macroblocks, generating a first array including aplurality of weighted values by calculating the plurality of weightedvalues based on the numbers of occurrences of the local pattern valueand corresponding sizes of the one or more macroblocks, assigning aunique index to each of the plurality of weighted values, generating asecond array of the unique index by ranking the plurality of weightedvalues, and generating a third array including a plurality of rankingdistances.

Certain aspects of the present disclosure include an edge capture device(ECD) ECD having an illumination source configured to emit an incidentnon-visible light, an optical sensor configured to detect a detectednon-visible light, wherein the detected non-visible light includes areflected non-visible light and a radiated non-visible light, one ormore processors operatively coupled to the illumination source and theoptical sensor, the one or more processors are configured to construct abiometric template of a requester requesting access to an entry point bygenerating a sampled profile including a plurality of sampling pointshaving a plurality of characteristic values associated with the detectednon-visible light, identifying one or more macroblocks each includes asubset of the plurality of sampling points, selecting a local patternvalue, calculating a number of occurrences of the local pattern valuewithin each subset of the plurality of the sampling points for each ofthe one or more macroblocks, generating a first array including aplurality of weighted values by calculating the plurality of weightedvalues based on the numbers of occurrences of the local pattern valueand corresponding sizes of the one or more macroblocks, assigning aunique index to each of the plurality of weighted values, generating asecond array of the unique index by ranking the plurality of weightedvalues, and generating a third array including a plurality of rankingdistances.

Aspects of the present disclosure include a computer readable mediumhaving code stored therein that, when executed by one or moreprocessors, cause the one or more processors to execute code forgenerating a sampled profile including a plurality of sampling pointshaving a plurality of characteristic values associated with the detectednon-visible light, code for identifying one or more macroblocks eachincludes a subset of the plurality of sampling points, code forselecting a local pattern value, code for calculating a number ofoccurrences of the local pattern value within each subset of theplurality of the sampling points for each of the one or moremacroblocks, code for generating a first array including a plurality ofweighted values by calculating the plurality of weighted values based onthe numbers of occurrences of the local pattern value and correspondingsizes of the one or more macroblocks, code for assigning a unique indexto each of the plurality of weighted values, generating a second arrayof the unique index by ranking the plurality of weighted values, andcode for generating a third array including a plurality of rankingdistances.

An aspect of the present disclosure includes a system having means forgenerating a sampled profile including a plurality of sampling pointshaving a plurality of characteristic values associated with the detectednon-visible light, means for identifying one or more macroblocks eachincludes a subset of the plurality of sampling points, means forselecting a local pattern value, means for calculating a number ofoccurrences of the local pattern value within each subset of theplurality of the sampling points for each of the one or moremacroblocks, means for generating a first array including a plurality ofweighted values by calculating the plurality of weighted values based onthe numbers of occurrences of the local pattern value and correspondingsizes of the one or more macroblocks, means for assigning a unique indexto each of the plurality of weighted values, generating a second arrayof the unique index by ranking the plurality of weighted values, andmeans for generating a third array including a plurality of rankingdistances.

Aspects of the present disclosure include an infrastructure having anaccess-controlled entry point, a ECD configured to emit an incidentnon-visible light onto a face of a requester, detect a detectednon-visible light from the face of the requester, wherein the detectednon-visible light includes a reflected non-visible light and a radiatednon-visible light, generate a biometric template of the requester bygenerating a sampled profile including a plurality of sampling pointshaving a plurality of characteristic values associated with the detectednon-visible light, identifying one or more macroblocks each includes asubset of the plurality of sampling points, selecting a local patternvalue, calculating a number of occurrences of the local pattern valuewithin each subset of the plurality of the sampling points for each ofthe one or more macroblocks, generating a first array including aplurality of weighted values by calculating the plurality of weightedvalues based on the numbers of occurrences of the local pattern valueand corresponding sizes of the one or more macroblocks, assigning aunique index to each of the plurality of weighted values, generating asecond array of the unique index by ranking the plurality of weightedvalues, and generating a third array including a plurality of rankingdistances, store a plurality of biometric templates of authorizedpersonnel, compare the biometric template of the requester with theplurality of biometric templates of authorized personnel, generate apositive match signal in response to identifying a match between thebiometric template of the requester and one of the plurality ofbiometric templates of authorized personnel, and transmit the positivematch signal to a gateway to grant the requester access to the entrypoint.

BRIEF DESCRIPTION OF THE DRAWINGS

The features believed to be characteristic of aspects of the disclosureare set forth in the appended claims. In the description that follows,like parts are marked throughout the specification and drawings with thesame numerals, respectively. The drawing figures are not necessarilydrawn to scale and certain figures may be shown in exaggerated orgeneralized form in the interest of clarity and conciseness. Thedisclosure itself, however, as well as a preferred mode of use, furtherobjects and advantages thereof, will be best understood by reference tothe following detailed description of illustrative aspects of thedisclosure when read in conjunction with the accompanying drawings,wherein:

FIG. 1 is an example concurrent real-time identity verification andauthentication system, in accordance with some aspects of the presentdisclosure;

FIG. 2 shows a perspective view of an example of a concurrent real-timeidentity verification and authentication device, in accordance with someaspects of the present disclosure;

FIG. 3 shows a frontal view of an example of a concurrent real-timeidentity verification and authentication device, in accordance with someaspects of the present disclosure;

FIG. 4 shows another perspective view of an example of a concurrentreal-time identity verification and authentication device, in accordancewith some aspects of the present disclosure;

FIG. 5 is a block diagram of an example processing component of aconcurrent real-time identity verification and authentication device, inaccordance with some aspects of the present disclosure;

FIG. 6 shows a flow diagram of a facial recognition method, inaccordance with some aspects of the present disclosure;

FIG. 7(a) shows a facial image for a person, in accordance with someaspects of the present disclosure;

FIG. 7(b) shows a different facial image for the same person, inaccordance with some aspects of the present disclosure;

FIG. 8 shows an example process for calculating local binary pattern(LBP) feature, in accordance with some aspects of the presentdisclosure;

FIG. 9 shows an example process for calculating local ternary pattern(LTP) feature, in accordance with some aspects of the presentdisclosure;

FIG. 10 shows positions of three example key features selected among oneor more face images, in accordance with some aspects of the presentdisclosure;

FIG. 11 shows an example of a receiver operating characteristic (ROC)curve for testing a face database, in accordance with some aspects ofthe present disclosure;

FIG. 12 illustrates an example of biometric, asymmetric encryption forconfidentiality, in accordance with some aspects of the presentdisclosure;

FIG. 13 illustrates another example of biometric, asymmetric encryptionfor authentication, in accordance with some aspects of the presentdisclosure;

FIG. 14 illustrates a schematic view of an example of an environment forimplementing one or more gateways for access control;

FIG. 15 illustrates an example of a computer system for implementing amethod of managing data in accordance with aspects of the presentdisclosure;

FIG. 16 illustrates a block diagram of various exemplary systemcomponents, in accordance with aspects of the present disclosure;

FIG. 17 illustrates an example of a ECD for identifying biometrictemplates, in accordance with aspects of the present disclosure;

FIG. 18 illustrates an example of the components of the ECD of FIG. 17,in accordance with aspects of the present disclosure;

FIG. 19 illustrates another example of the components of the ECD of FIG.17, in accordance with aspects of the present disclosure;

FIG. 20 illustrates an example of a sampled profile, in accordance withaspects of the present disclosure;

FIG. 21 illustrates an example of LBP operation on measurement points ofthe sampled profile of FIG. 20, in accordance with aspects of thepresent disclosure;

FIG. 22 illustrates examples of sub-matrices;

FIG. 23 illustrates an example of a table of results for sequenceconversion, in accordance with aspects of the present disclosure;

FIG. 24 illustrates an example of a flow chart for converting asequence, in accordance with aspects of the present disclosure;

FIG. 25 illustrates an example of a table of verification calculations,in accordance with aspects of the present disclosure;

FIG. 26 illustrates an example of deep learning;

FIG. 27 illustrates another example of deep learning; and

FIG. 28 illustrates a flow chart of a method for identifying biometrictemplates.

DETAILED DESCRIPTION

The following includes definitions of selected terms employed herein.The definitions include various examples and/or forms of components thatfall within the scope of a term and that may be used for implementation.The examples are not intended to be limiting.

A “processor,” as used herein, processes signals and performs generalcomputing and arithmetic functions. Signals processed by the processormay include digital signals, data signals, computer instructions,processor instructions, messages, a bit, a bit stream, or othercomputing that may be received, transmitted and/or detected.

A “bus,” as used herein, refers to an interconnected architecture thatis communicatively coupled to transfer data between computer componentswithin a singular or multiple systems. The bus may be a memory bus, amemory controller, a peripheral bus, an external bus, a crossbar switch,and/or a local bus, among others. The bus may also be a vehicle bus thatinterconnects components inside a vehicle using protocols, such asController Area network (CAN), Local Interconnect Network (LIN), amongothers.

A “memory,” as used herein may include volatile memory and/ornon-volatile memory. Non-volatile memory may include, for example, ROM(read only memory), PROM (programmable read only memory), EPROM(erasable PROM) and EEPROM (electrically erasable PROM). Volatile memorymay include, for example, RAM (random access memory), synchronous RAM(SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rateSDRAM (DDR SDRAM), and/or direct RAM bus RAM (DRRAM).

As used in the specification and the appended claims, the singular forms“a,” “an” and “the” include plural referents unless the context clearlydictates otherwise.

Ranges may be expressed herein as from “about,” “substantially,” or“approximately” one particular value and/or to “about,” “substantially,”or “approximately” another particular value. When such a range isexpressed, another implementation includes from the one particular valueand/or to the other particular value.

By “comprising” or “containing” or “including” is meant that at leastthe named compound, element, particle, or method step is present in thecomposition or article or method, but does not exclude the presence ofother compounds, materials, particles, method steps, even if the othersuch compounds, material, particles, method steps have the same functionas what is named.

It is also to be understood that the mention of one or more method stepsdoes not preclude the presence of additional method steps or interveningmethod steps between those steps expressly identified. Similarly, it isalso to be understood that the mention of one or more components in adevice or system does not preclude the presence of additional componentsor intervening components between those components expressly identified.

Biometric identification techniques generally refer to patternrecognition techniques that perform a requester identification processby determining the authenticity of a specific physiological orbehavioral characteristic possessed by the requester. In some instances,biometric identification may be preferred over traditional methodsinvolving passwords and personal identification numbers (PINs) forvarious reasons. For example, with biometric identification, the person(e.g., requester) to be identified is typically required to bephysically present at the point-of-identification. Additionally,identification based on biometric techniques obviates the need toremember a password or carry a token (i.e., a security device used togain access to an access controlled entry point).

One kind of texture based local binary pattern (“LBP”) feature describesfacial information that produces desirable recognition results. Theimproved local ternary pattern (“LTP”) feature may be a furtherimprovement over conventional LBP methods. LBP and LTP features may notbe sensitive to light and expression variations and are computationallyefficient, but they also have shortcomings, such as informationredundancy due to correlation between the positive histogram and thenegative histogram.

It is therefore desirable to contemplate concurrent real-time identityverification and authentication techniques to create biometric signaturedata for providing keyless access to authorized requesters to a vehicle,building, or the like with varying degrees of security by utilizingvarious types of biometric data of authorized requesters. As discussedabove, in some implementations of the present disclosure, the biometricsignature data may be interchangeable across a wide variety ofapplications. Accordingly, in some examples of the present disclosure,the same biometric signature data for a person may be used toauthenticate that person at one or more locations and for one or moreapplications. Additionally, an example of a biometric system in thepresent disclosure allows the biometric signature data to be alteredbased on a desired security level. Thus, the type of biometric signaturedata that may be used for a particular application and/or relating to aparticular requester may vary depending on the security level desiredfor that particular application and/or requester. While someimplementations discussed herein are discussed in the context of facialbiometric data, those skilled in the art would understand that variousimplementations of the present disclosure may employ many types ofbiometric data, including, but not limited to, fingerprint data, irisand retinal scan data, speech data, facial thermograms, hand geometrydata, and the like.

In some implementations of the present disclosure, the biometric dataassociated with the intended recipient (e.g., a biometric template) maybe obtained via a biometric sensor of a biometric-based access controlsystem. As will be discussed below, variations in light, temperature,distance of the biometric sensor from a target may impact the quantityand quality of the biometric data obtained via the biometric sensor. Forexample, variations in light intensity and angle may create shadows onthe face of a requester, making facial recognition more difficult. Ifthe biometric data for identifying a requester is obscured, moretemplates may be needed to properly authenticate the requester, thusincreasing the quantity of the biometric data necessary. To reduce theundesirable impact of these environmental factors, the biometric sensormay utilize either near infrared (IR) or ultraviolet (UV) light or acombination of both IR and UV at desired intensities. In animplementation, the method uses near IR light. An Infrared lightemitting diode (LED) array may be utilized in the facial recognitiondevice or biometric sensor to minimize the impact of the surroundinglighting on capturing the facial uniqueness. The camera and the LEDarray are packaged into a dedicated edge device (e.g., an ECD or afaceplate) mounted at a location requiring verification and/oridentification/analysis, such as a door requiring access control.

In some implementations, an access control system may utilize IR or newIR illumination and detection to identify facial features. IR or new IRlighting may penetrate into the dermis of the face. The IR or new IRlighting may penetrate into the dermis by 10 micrometers, 20micrometers, 50 micrometers, 100 micrometers, 200 micrometers, 500micrometers, 1 millimeters, 2 millimeters, 5 millimeters, and/or 10millimeters. Other penetration depths are possible. The penetrationdepths may depend on the location of the body, wavelength of theinfrared lighting, and/or intensity of the infrared lighting. Thepenetration may expose characteristics of the skin that may be difficultto see in visible light including (age spots, spider veins,hyperpigmentation, rosacea, acne, and porphyrins). The identification ofthese subdermal features may be used to adjust/supplement the uniqueidentification of the requester. These features on the face of therequester may be unique because they are based on the requestersexposure to nature and the sun over the life of the requester. Facialrecognition based on subdermal features may identify the uniqueness ofthe face at the time of capture to provide opportunities foridentification analysis. The number of subdermal features may increaseover time with exposure to the sun and on a daily basis.

In another example, an access control system may utilize ultravioletillumination and detection to identify facial features. Ultravioletlighting may penetrate into the dermis of the face. The UV lighting maypenetrate into the dermis by 10 micrometers, 20 micrometers, 50micrometers, 100 micrometers, 200 micrometers, 500 micrometers, 1millimeters, 2 millimeters, 5 millimeters, and/or 10 millimeters. Otherpenetration depths are possible. The penetration depths may depend onthe location of the body, wavelength of the ultraviolet lighting, and/orintensity of the ultraviolet lighting. The penetration may exposecharacteristics of the skin that may be difficult to see in visiblelight including (age spots, spider veins, hyperpigmentation, rosacea,acne, and porphyrins). The identification of these subdermal featuresmay be used to adjust/supplement the unique identification of therequester. These features on the face of the requester may be uniquebecause they are based on the requesters exposure to nature and the sunover the life of the requester. Facial recognition based on subdermalfeatures may identify the uniqueness of the face at the time of captureto provide opportunities for identification analysis. The number ofsubdermal features may increase over time with exposure to the sun andon a daily basis. The facial recognition system of the presentdisclosure may estimate the age of a person based on the quantity andnature of the subdermal features. The access control system may alsotrack the change in these features over time to confirm the individual'sidentity and establish lifestyle and daily routines based oninterpretations of the subdermal features. Subdermal facial recognitionmay also increase the difficulty of creating a duplicate (e.g.,duplicate of a biometric template) of the face due to its elimination ofdependency on facial features capable of being captured by standardvisible wavelength photography and camera technology. The access controlsystem may also further obfuscate the content of the ultraviolet captureby introducing time-sequenced cross-polarization filters to thecapturing process that further eliminates the ability to present anartificial duplicate of the face to the access control system.

A benefit of the system in the present disclosure includes allowing asingle credential system replacing PINs, passwords, and multi-factorauthentication that is seamless to the requester. With this architecturein place, the requester(s) of the system may rely on a single credentialmanagement solution. The system of the present disclosure may supportboth logical and physical gateways. In some implementations of thepresent disclosure, the system may provide protection at home and atwork.

Aspects of the present disclosure may include a method referred to as“layered reinforcement.” The method comprises of taking the image offace from the biometric sensor and overlaying several layers ofdifferent size pixel boxes on the image. This layering of pixel boxes ofdifferent sizes has an amplifying impact on the analysis of theuniqueness of the face. Areas that are more unique to the face areamplified. Areas that are more common among faces are deemphasized. As aresult, layered reinforcement may improve the algorithm performancewhile allowing the method to handle a large number of users at multiplesites where the biometric sensor ECD is deployed. The “layerreinforcement” of the method may allow for the processing of the samenumber of requesters on a local Advanced Reduced Instruction SetComputing Machine (ARM) processor at the biometric sensor ECD where theimage is first captured, thus reducing hardware and processingrequirements and contributing to the accuracy and reliability of themethod as a network failure cannot prevent the biometric sensor ECD fromprocessing a face verification.

Some aspects of this embodiment of the invention cover the use of agateway (described below) to manage the data analyzed by the variousalgorithms to increase performance by decreasing false negative andfalse positive results through the following processes: pixel boxhierarchical analysis to create binary tree of dominant features (i.e.,determining what is the most distinctive feature); pixel box time domainanalysis with heat maps (i.e., determining over time features that areproblematic due to overlap among subjects); and binary tree collision(flagging overlap of biometric signature data for two subjects that maycause a false positive and addressing in a proactive fashion).

Benefits to the system of the present disclosure include improvedperformance when accuracy requires reduction in false negative and falsepositive results. The improvement also allows for the benefits of 1:1comparison in a 1:N environment as a potential replacement to videosurveillance and comparison thereby opening up the massive surveillancemarket to significantly increased accuracy.

Referring to FIG. 1, an example of an identification system 100 forconcurrent real-time identity verification and authentication for usein, e.g., allowing access by an authorized requester to a vehicle,building, or the like is illustrated in accordance with aspects of thepresent disclosure.

It should be appreciated that FIG. 1 is intended to describe aspects ofthe disclosure to enable those skilled in the art. Other implementationsmay be utilized and changes may be made without departing from the scopeof the present disclosure.

The identification system 100 comprises a concurrent real-time identityverification and authentication device 102 including at least onebiometric sensor 104, a processor 106, memory 108, a display 110, andinput/output mechanism 112. The identification system 100 may be used tosecure or control access to a secured area, device, or information, suchas an airport boarding area, building, stadium, database, locked door,vehicle, or other access controlled assets/infrastructure.

The biometric sensor(s) 104 may include a camera, a fingerprint reader,retinal scanner, facial recognition scanner, weight sensor, heightsensor, body temperature sensor, gait sensor, heartbeat sensor, or anyother sensor or device capable of sensing a biometric characteristic ofa person. As shown in FIGS. 2-4, in an exemplary implementation of thepresent disclosure, the biometric sensor(s) 104 may be an opticalsensor, such as a camera.

In some aspects, the biometric sensor(s) 104 may include an opticalsensor that captures visual data. For example, the biometric sensor(s)104 may be a camera that senses visual information of a requester, suchas the facial features of the person. The facial features of the personmay include the textures, complexions, bone structures, moles,birthmarks, contours, coloring, of the face of the person. The biometricsensor(s) 104 may capture the facial features of the person and convertthe visual information into digital sensed information as discussedbelow).

The processor 106 may be configured for comparing the sensed informationvia biometric sensor(s) 104 with known characteristics of a person in anattempt to identify the person via biometric signature data. Theprocessor 106 may include any number of processors, controllers,integrated circuits, programmable logic devices, or other computingdevices. The processor 106 may be communicatively coupled with thebiometric sensor(s) 104 and other components of the system 100 throughwired or wireless connections to enable information to be exchangedbetween the device 102 and external devices 114 or systems (e.g.,network 116) to allow for comparison of the stored biometric signaturedata with the sensed information obtained from the biometric sensor(s)104.

The processor 106 may implement a computer program and/or code segmentsstored on memory 108 to perform some of the functions described herein.The computer program may include an ordered listing of executableinstructions for implementing logical functions in the device 102. Thecomputer program can be embodied in any computer-readable medium (e.g.,memory 108) for use by or in connection with an instruction executionsystem, apparatus, or device, and execute the instructions. The memory108 may contain, store, communicate, propagate or transport the programfor use by or in connection with the instruction execution system,apparatus, or device. Examples of memory 108 may include an electricalconnection having one or more wires, a random access memory (RAM), aread-only memory (ROM), an erasable, programmable, read-only memory(EPROM or Flash memory), a portable computer diskette, or a portablecompact disk read-only memory (CDROM). The memory 108 may be integralwith the device 102, a stand-alone memory, or a combination of both. Thememory 108 may include, for example, removable and non-removable memoryelements such as RAM, ROM, Flash, magnetic, optical, USB memory devices,and/or other conventional memory elements.

In some aspects, the memory 108 may store the known characteristics of anumber of people and various other data associated with operation of thesystem 100, such as the computer program and code segments mentionedabove, or other data for instructing the device 102 and other deviceelements to perform the aspects described herein. The various datastored within the memory 108 may be associated within one or moredatabases (not shown) to facilitate retrieval of the information, e.g.,via the external devices 114 or the network 116. Although the memory 108as shown in FIG. 1 is integrated into the device 102, it should beappreciated that memory 108 may be stand-alone memory positioned in thesame enclosure as the device 102, or may be external memory accessibleby the device 102.

In an aspect, the display 110 may be configured to display variousinformation relating to the system 100 and its underlying operations.For example, a notification device may be included (not shown) forindicating the sensed biometric characteristic or the sensed signal failto match the known characteristics of the person and may include anaudible alarm, a visual alarm, and/or any other notification device.

In an aspect, the device 102 may also include input/output mechanism 112to facilitate exchanging data and other information among differentcomponents within the device 102, or with various the external devices114 or systems via the network 116.

For example, various I/O ports may be contemplated including a SecureDisk Digital (SD) card slot, Mini SD Card slot, Micro SD Card slot orthe like for receiving removable SD cards, Mini SD Cards, Micro SDCards, or the like, and a USB port for coupling with a USB cablecommunicatively coupled with another computing device such as a personalcomputer. In some aspects, the input/output mechanism 112 may include aninput device (not shown) for receiving identification information abouta person-to-be-identified. The input device may include a ticket reader,a credit card reader, an identification reader, a keypad, a touch-screendisplay, or any other device. In some other aspects, as described above,the input/output mechanism 112 may be configured to enable the device102 to communicate with other electronic devices through the network116, such as the Internet, a local area network, a wide area network, anad hoc or peer to peer network, or a direct connection such as a USB,Firewire, or Bluetooth™ connection, etc. In one example, knowncharacteristics about persons may be stored and retrievable in remotedatabases or memory via the network 116. The input/output mechanism 112may thus communicate with the network 116 utilizing wired data transfermethods or wireless data transfer methods such as WiFi (802.11), Wi-Max,Bluetooth™, ANT®, ultra-wideband, infrared, cellular telephony, radiofrequency, etc. In an aspect, the input/output mechanism 112 may includea cellular transceiver for transmitting and receiving communicationsover a communications network operable with GSM (Global System forMobile communications), CDMA (Code Division Multiple Access), or anyother known standards.

The device 102 may also include a power source (not shown) for providingelectrical power to the various components contained therein. The powersource may include batteries, battery packs, power conduits, connectors,and receptacles operable to receive batteries, battery connectors, orpower cables.

In an aspect, the device 102 may be installed and positioned on anaccess control entry point (not shown) such as a gate, locked door, etc.for preventing persons from accessing certain areas until the device 102determines that the sensed biometric characteristic and/or signal matchthe known characteristics. In some other aspects, as shown in FIGS. 2-4,the device 102 may be a stand-alone, compact, handheld, and portabledevice. In one example, one may use such a stand-alone, compact,handheld, and portable device to protect sensitive documents orinformation that are electronically stored and accessed on the Internetand/or an intranet. In some aspects, a concurrent realtime identityverification facility access unit may use biometric signature data tocreate interchangeable authentication for a variety of uses (e.g.,office, home, smart phone, computer, facilities).

Referring to FIG. 5, the processor 106 in FIG. 1 may be configured toinclude, among other features, a detection module 502 and a recognitionmodule 508 for providing concurrent real-time or near real-time identityverification and authentication with keyless access to authorizedrequesters to secured facilities or information. The detection module502 may include a face detection module 504 for detecting facialfeatures of a requester. The detection module 502 may include an eyedetection module 506 for identifying the locations of the eyes of arequester. In some implementations, the detection module 520 may includeone or both the face detection module 504 and/or the eye detectionmodule 506. In some aspects, the processor 106 may receive inputs(digital or analog) from the sensor(s) 104.

FIG. 6 describes an example procedure of selecting key features from adatabase with a large number of facial information and building oneclassifier which can distinguish different faces accordingly. LBP andLTP may be used to provide a full description of face information, andthen with the use of an adaptive boosting (“adaboost”) learningalgorithm, one may select key features and build a classifier todistinguish different faces by creating biometric signature data. Thisbiometric signature data may be used to create universal verificationand authentication that can be used for a variety of applications (e.g.,computer, building access, smartphone, automobile, data encryption) withvarying degrees of access and security (e.g., access to network, butheightened security for requester computer). At block 602, create facesample database. For example, the processor 106 and the recognitionmodule 508 may create a face sample database using unrecognized facesamples. In one implementation, the processor 106 and the recognitionmodule 508 may store, into the memory 108, 1000, different persons witheach person showing 10 different postures and/or expressions.

At block 604, extract LBP and LTP features. For example, the detectionmodule 502 and/or the face detection module 504 may extract LBP and LTPfeatures from different blocks in different positions of each facesample.

At block 606, calculate positive sample and negative sample. Forexample, at least one of the face detection module 502, the facedetection module 504, and the eye detection module 506 may calculate thefeature absolute value distance for the same position of any twodifferent images from one person and set this distance as positivesample feature database. Further, the face detection module 502 and theface detection module 504 may jointly or separately calculate thefeature absolute value distance for the same position of any twodifferent images from different person and set this distance as negativesample feature database.

At block 608, build adaboost classifier. For example, the face detectionmodule 502 and the face detection module 504 may select the mostdistinguishable key feature from the candidate feature database withadaboost and create a face classifier.

At block 610, generate recognition result. For example, the recognitionmodule 508 may generate recognition result. Once there is a fixeddataset of macro blocks and the specific LPB ranging from 1 to 255 isdetermined, a value is assigned to that unit of the dataset based uponthe number of pixels within the block that satisfy that specific LBP.For example, assuming a 10×10 macro block in unit number 1 of 255 andLBP of 20, the method 600 determines the number of pixels in thehistogram that fall within that LBP of 20 on scalar value. The method600 calculates scalar value and then normalize value in a second arrayto address the problem of determining value within various sizedmacro-blocks. The scalar value based upon the known method was based onsize of macro-block where the maximum value could be from 100 to 1600depending upon the size of the macro-block. The scalar value in thissecond array may now a percentage of the total pixels available in thatmacro block to normalize the data for the subsequent assessment.Normalization causes the data to not be skewed based on the size of themacro block. After normalization under the improved method, each unit ofthe data set in this second array has the same weight. This normalizeddata may be then sorted to establish and assign a value from 1-2165where the scale reflects the highest normalized value going to the topof the sort. For example if dataset 2000 had the highest value in thearray it would be assigned a value of 1 with descending value reflectingthe datasets that have lower values. The second normalized array maythen be converted to a third simulated dna sequencing array where theposition is established within this third array based upon its value inprevious sort. The third array assesses the position and calculates thedifferences between where the data set appears in the sequence (e.g.,ranking distance). This improved method analyzes traits as opposed toscalar value based upon the uniqueness of traits within the face and notmerely on scalar values.

At block 620, test face sample. For example, the detection module 502may optionally test face samples.

At block 622, extract LBP and LTP features. For example, the detectionmodule 502 and/or the face detection module 504 may extract LBP and LTPfeatures from different blocks in different positions of each facesample.

Further, online recognition may include the following steps:

(1) Calculate the offline stage extracted key feature of differentblocks in different positions for face sample to be identified.

(2) Calculate the key feature selected from step (1) with that of eachface sample in database and determine whether they belong to the sameperson or not. If calculated distance is less than the set threshold, itmay be determined that they are the same person, otherwise it may bedetermined that they are not.

As shown in FIG. 8, an example process starts with creating a facedatabase with different postures and different expressions. For example,one may include the images of, e.g., 1000, different persons and eachperson shows, e.g., 10, images differently. FIG. 7(a) shows thedifferent face image of one same person, and FIG. 7(b) refers to thedifferent face image of different person.

LBP and LTP may be used to describe face. FIG. 8 shows a calculatingprocess of LBP features, and FIG. 9 shows a calculating process of LTPfeatures. In order to obtain as many features to describe faceinformation, different block size may be divided on different positionsof face sample. For example, face size can be 100×100, block size may bew×h, w and h values can range from 2 to 100, and 7837 blocks may beselected as a result. The identification system 100 may select the binfeatures of LBP and LTP on different block size and make it as the finalcandidate feature database.

The next step is to calculate positive samples and negative samples. Thebin feature absolute value distance of the same position for differentimages from a same person may be calculated and set as the positivesample. Additionally, the bin feature absolute value distance of sameposition for different persons may be calculated and set as the negativesample. For example, the result may involve calculating 32356 positivesamples and 58747698 negative samples.

Thereafter, the key bin feature that can distinguish all positive andnegative samples among the large number of feature database may beselected with a learning algorithm. For example, one may choose thelearning algorithm of discrete adaboost to select feature and build aclassifier.

An example algorithm of using adaboost to classify may include thefollowing computational steps:

1. Given f as the maximum negative sample error rate, d as the minimumpositive sample correct rate, F_(tar) as the target of negative sampleerror rate, and D_(tar) as the target of positive sample correct ratethat cascade classifier has to achieve. P, N are the positive andnegative database, respectively.

2. Set F₀=1.0, D₀=1.0, and i=0;

3. When F_(i)>F_(tar), i=i+1, n_(i)=0, F_(i)=F_(i−1); when F_(i)>fxF_(i−1), n_(i)=n_(i+1).

4. Compute the strong classifier with n features via adaboost indatabase P and N; calculate F_(i) and D_(i) for current cascadeclassifier, adjust the threshold value of current strong classifieruntil the rate is no less than dxD_(i−1), N is nonempty set.

5. If F_(i)>F_(tar), classify the currently obtained cascade classifierin other negative sample image and determine, put wrongly determinedimage into N.

1) Given n computing sample (x_(i), y_(i)), . . . , (x_(n), y_(n)),y_(i)=0, 1, x_(i) presents negative sample label and positive samplelabel, respectively.

2) Initialize weight

${\omega_{I,i} = \frac{1}{2m}},\frac{1}{2l},$where the number of positive samples is 1 and the number of negativesamples is m.

3) Try t from 1 to T and run below steps repeatedly:

a) Normalize weight ω_(t,i)=ω_(t,i)/Σ_(j=1) ^(n)ω_(t,i),

b) Compute a weak classifier h_(j) for each feature f_(j) and mark theerror rate of this classifier ∈_(j)=Σiω_(t,j)|h_(j)(x_(i)−y_(i))|

c) Find out classifier h_(t) with lowest error rate ω_(t) among all weakclassifier computed from last step,

d) Update weight ω_(t+1,i)=ω_(t,i)β_(t) ^(1−e) among whichβ_(t)=∈_(t)/(1−∈_(t)), If x, is correctly classified, e_(i)=0. Otherwisee_(i)=1.

Get the strong classifier lastly: if Σ_(t=1) ^(T)α_(t)h_(t)(x)≥½Σ_(t=1)^(T)α_(t) then h(x)=1, otherwise h(x)=0. There, αt=log 1/β_(t)

FIG. 10 shows the position of the first three key features selectedamong face image by taking online testing for face database of 100persons based on offline selected features and classifier.

FIG. 11 shows recognition results for 100 persons, wherein X axisrepresents false accept rate, which means the wrongly identified rate offace samples. Y axis represents verification rate, which means the rateof face samples correctly recognized. As shown in FIG. 11, when thefalse accept rate is below 10⁻⁴, it may achieve 95% recognition rate.The face recognition in this example not only improves the robustness offace sample, but also reduces its computational complexity thus improvesthe face recognition significantly.

Referring back to FIG. 5, in some aspects, the detection module 502 maybe configured to use, among other features, a face detection module 504and an eyes detection module 506 for processing the acquired image ofthe person-to-be-identified as follows.

Face Detection Module 504

Inputs: Acquired frontal face image (grey image), face classifier

Outputs: Face frame positions, and the number of faces

Flow:

a. Reduce the acquire frontal face image to user-defined size

b. Calculate an integral image of the reduced image

c. Initialize a traverse window based on the size defined by the faceclassifier, e.g., 20×20

d. Move the traverse window on the integral image from left to right andthen from top to bottom with each move distance corresponding to auser-defined distance. However, if the user-defined distance is zero,set the move distance as 1/20 of the width of the traverse window.

e. Use the face classifier to determine whether the current position ofthe traverse window defines a valid portion of a face. If so, save thecurrent rectangular frame position of the traverse window as results.

f. After traversing the entire integral image, increase the width andthe length of the traverse window by 1.1 times and repeat step e untilthe size of the traverse window exceeds the size of the image, or thebuffer allocated for saving the results is used up.

g. Return to face frame position and faces

Eyes Detection Module 506

Inputs: Acquired frontal face image (grey image), face frame positions,classifier for both left and right eyes, left eye classifier, right eyeclassifier, left eye coarse detection classifier, right eye coarsedetection classifier

Outputs: frame position for both eyes, frame position of left eye, andframe position of right eye

Flow:

a. Obtain face image from the acquired frontal face image

b. If user-defined classifier for both left and right eyes is available,use correspondingly defined face detection function to detect both theleft and right eyes of the obtained face image. If not, estimate thepositions of both the left and right eyes based on experience.

c. If user-defined left/right eye course detection classifier for theleft/right eye is available, detect the left/right eye on thecorresponding half of the obtained face image. Further, based on thecoarse detection result, determine whether the detected human subject iswearing glasses or not. If glasses are present, detect the obtained faceimage and return with results. If no glasses are present, continue todetect the obtained face image based on the coarse detection result andreturn the detection result without considering the presence of glasses.(If user-defined classifier for glasses-wearing subject is notavailable, detect the obtained face image without considering thepresence of glasses.)

d. If user-defined course detection classifiers are not available,determine whether glasses are present by directly detecting theleft/right half of the obtained face image. If glasses are present,detect the obtained face image and return with results. If no glassesare present, continue to detect the obtained face image based on thecoarse detection result and return the detection result withoutconsidering the presence of glasses. (If user-defined classifier forglasses-wearing subject is not available, detect the obtained face imagewithout considering the presence of glasses.)

e. Return

In some aspects, the processor 106 may further use, e.g., a recognitionmodule 508, to extract pertinent facial features obtained from thedetection module 502 for comparing against known characteristics and/orinformation of a number of authorized people as follows.

Recognition Module 508

Normalization

Inputs: to-be-normalized image (grey image), the coordinates of thecenters of both the left and right eyes on the image axis (the origin islocated at the left top corner of the image). The meanings ofparameters: lx refers to the x coordinate of the center point of theleft eye (horizontal direction) in the output image divided by the widthof the output image, and 1y refers to x coordinate of the center pointof the left eye (vertical direction) in the output image divided by theheight of the output image.

Output: output image

Feature Extraction

Inputs: Normalized image (grey image) and feature types

Outputs: If output buffer is NULL, return feature dimensional degrees.Otherwise, assume the size of the output buffer equals the featuredimensional degrees, write the features of the image into the buffer,and return feature dimensional degrees. Certain features are associatedwith certain image size. For example, #6 feature may require the imagesize of 100 by 100. Therefore, when the input image fails correspondingdefined image size requirement, a result of zero can be returned.

Feature Comparison

Inputs: Two features to be compared and the comparison method

Output: The smaller the comparison result (a floating point), the higherthe similarity.

Obtaining Algorithm Information

Function: instruct the requester to correctly assign parameters for thealgorithm

Input: algorithm type based on the usage context

Outputs: parameters information of the algorithm including feature type,feature dimensional degrees, normalized image size, the minimumdistance, suggested range, and distance type.

Many of the systems and methods described above can be used to createBiometric Signature Data (“BSD”) files that allow a system to identifyand distinguish requesters with a high degree of accuracy. Variousimplementations of the present disclosure may employ the BSD files tocreate an encryption/decryption key, thus increasing the security ofsuch keys. Examples of the present disclosure can generate asymmetrickeys based on one or more BSD files in such a way that by utilizing abiometric sensor, a person's biometric measurement can act as theperson's private key. Implementations of the present disclosure may alsoincorporate BSD files into digital rights management (DRM) security insuch a way that files cannot be decrypted or accessed by anyone otherthan the requester or group of requesters intended, or encrypted in away that the original owners, such as a business, can no longer accessthe files. Accordingly, by using implementations of the presentdisclosure employing BSD files, when a file is accessed, there can beassurance of the identity of the requester who accessed the file.

BSD files can be generated by the algorithmic analysis of data from anA/D IR and/or UV sensor. Accordingly, many of these elements can beconsidered when constructing the private key of the asymmetrical pair(i.e., analog and/or digital values). Thus, in some implementations ofthe present disclosure, multiple elements of a sensor can contributereal-time data or real-time analog data related to a recognition eventin order to de-encrypt, thus ensuring a real-time event (i.e., theactual measurement of the intended person) has triggered theauthentication.

As shown in FIGS. 12-13, in accordance with some implementations of thepresent disclosure, messages can be sent as follows. A requester canregister, e.g., on a computer, and create a public key for therequester. The requester than then publish the public key so that thekey is publicly known. Other people, systems, or entities, can use therequester's public key to encrypt messages for the requester and sendthose messages to the requester. The requester can decrypt the messageusing her private key created by one or more live BSD files associatedwith the requester. Accordingly, the sender of the message is ensuredthat the requester is actually the person decrypting the message becausethe private key used to decrypt the message can be generated by therequester's live biometric data. These systems and methods forencryption provide substantial advantages over conventional systems andmethods. For example, instead, of simply matching anonymous asymmetricalcodes, by using BSD filed in the encryption process, authenticationbecause inherent in the key itself.

Various implementations of the present disclosure can also improve DRM.For example, DRM rules can allow for additional content to be added to afile and additional rules to be required. DRM rules can be expressed inmany rights management languages known in the art, including but notlimited to, XrML (extensible rights markup language), XMCL (extensiblemedia commerce language), ODRL (open digital rights language), and thelike. Rules can specify the actions that are permitted (e.g.,decrypting, encrypting, transferring, copying, editing, etc.). The rulescan also specify the people authorized to perform actions and theconditions under which these actions are permitted. BSD files can beused to authenticate a requester to determine whether the requester isone of the people specified in the rules.

Various systems and methods for biometric encryption and authenticationcan also find application in corporate settings where, e.g., employeesuse corporate devices for personal use as well as business, or when,e.g., an employee uses a personal device and the corporate digitalassets are transferred to and from the personal device. By applyingrules to documents that have certain digital signatures, there may becontrollable segmentation between private and business concerns. Bothparties may have access to the parts they are entitled to access but canbe prevented from accessing parts that are not entitled to access. Forexample, possible applications include, but are not limited to,providing remote access, making purchases, and conditional security.

In the case of remote access, various implementations of the presentdisclosure can generate BSD files used to authenticate a requester, thusproviding secure access for any remote network connection, i.e., VPNserver, secure access to network email, and/or company proprietaryinformation, from a remote device.

Additionally, biometric authentication techniques of the presentinvention can be used to make authenticated onlinepurchases/transactions. For example, spending limits can be based onrequester or group profile for an account. In order for a requester tomake a purchase, a system can use the biometric authenticationtechniques of the present disclosure to authenticate the true identityof that requester to verify the requester is entitled to make thedesired purchase.

Biometric authentication techniques can also be used to provideconditional security to various digital files. For example, files thatcontain sensitive information can only be accessed by authorizedrequesters, which can be authenticated using the requester's live BSDfiles.

Biometric Encryption and Authentication Application to Digital Cinema

The biometric encryption and authentication techniques described hereinfind many applications in the digital cinema industry. Movies arepopular commodities, especially pre-DVD release. In order to maximizeboth production efficiencies and distribution opportunities, movies needto be accessed and handled by many different strata of requesters.Persons skilled in the art appreciate that techniques capable ofprotecting digital assets in the digital cinema industry can be used toprotect digital assets in almost any industry. Accordingly, theprinciples described herein are not limited to application in thedigital cinema industry, but may instead be applied to any industry fora similar purpose.

Digital cinema security views itself as an end-to-end process fromproduction via distribution to consumption. SMPTE DC28, the bodyresponsible for digital cinema standards, has identified five separateareas of digital cinema: (1) capture; (2) production; (3) Master(cinema, home, video, trailers, test screenings); (4) distribution(satellite, fiber, packaged); and (5) exhibition (digital projectorsecurity). In each area identified by SMPTE DC28, a movie is vulnerableto theft. In order to discourage theft, movies can be encrypted prior todistribution. Movies are then typically stored in their encrypted statein the theater until showtime. At showtime, the movie is decrypted anddecompressed. This decryption/decompression may take place in a serveror in a projector.

In an exemplary SMPTE DC28 process, DC28.4 can represent the conditionalaccess portions of the cinema delivery system. Modem DRM encryptionmethods have proven sufficient to withstand unwarranted decipheringattempts, but securing the keys has become a problem. From capture toexhibition to distribution, a movie is encrypted and decrypted multipletimes. Accordingly, various biometric encryption and authenticationtechniques discussed herein can be applied to one of more of theencryption, decryption, and authentication steps, in accordance withvarious implementations of the present disclosure.

Referring to FIG. 14, an example of an environment 1400 for managingdata may rely on a first gateway 1402 a, a second gateway 1402 b, and athird gateway 1402 c to route data via wired and/or wirelesscommunication links. The first gateway 1402 a may be implemented as asoftware-based gateway virtualized in a computer system. The secondgateway 1402 b may be a standalone device that routes data as describedbelow. The third gateway 1402 c may be a cloud-based gateway. Otherarchitectures are possible.

In certain implementations, the gateways 1402 may perform severalfunctions including managing the movement of data to and from thebiometric sensor as described below, providing a networked solution thatefficiently moves binary facial data between devices, and when clusteredtogether (physical and virtual), providing a high availability solutionfor security designs. The gateway 1402 may receive credentialing datathrough an XML file structure. By monitoring and actively consuming theXML, files, the gateway 1402 may be able to utilize a standardizeduniversal interface agnostic to the programming language, operatingsystem and type of connectivity of the data source, support physical andlogical access control requirements within the same method, offer aninterface that supports simultaneous connectivity from different systemtypes, and/or support either live or batch processing of credentials,including the immediate recovery of a credential system through filereplacement.

In certain aspects, data stored in the gateways 1402 may be stored infiles based on Javascript Object Notation format.

The environment 1400 may include one or more ECD ECDs 1404, e.g., ECD-a1404 a, ECD-b 1404 b, ECD-c 1404 c, ECD-d 1404 d, ECD-e 1404 e, andECD-f 1404 f The ECDs 1404 may also be referred to as edge capturedevices. The ECD ECDs 1404 may transmit data to the gateways 1402 to berouted to another device within the environment 1400. For example, theECD-a 1404 a may send a biometric template and/or identity informationof a person to the third gateway 1402 c. The third gateway 1402 c maysend one or more biometric templates to the ECD-a 1404 a for performingmatching operations.

Still referring to FIG. 14, in certain implementations, the environment1400 may include an access control server 1406 a, an enterprise server1406 b, and a third party server 1406 c. The access control server 1406a may be communicatively coupled to one or more access controlled entrypoints 1408 via a wired or wireless communication link. The enterpriseserver 1406 b may be communicatively coupled to a storage device 1410.The storage device 1410 may be a network drive, local hard drive, flashdrive, tape drive, or other suitable storage media.

Still referring to FIG. 14, during operations for example, the ECD-b1404 b may receive a biometric template of a first requester 1450 a. Thefirst requester 1450 a may attempt to access one or more accesscontrolled entry points 1408 controlled by the access control server1406 a. The one or more access controlled entry points 1408 may includea vault, lock, secure door, secure gate, equipment or machinery,computing device, digital storage device, database, or file, forexample. In some examples, the one or more access controlled entrypoints 1408 may be an access controlled door or gate of aninfrastructure, such as a warehouse, office building, restricted area,etc. The biometric template of the first requester 1450 a may includeone or more of the fingerprints, voice patterns, iris patterns, facialfeatures, signature patterns, shapes of the ears, retinal patterns,gait, hand geometry of the first requester 1450 a.

In certain implementations, the ECD-b 1404 b may extract the facialfeatures of the first requester 1450 a, and compare the facial featureswith the facial features of authorized personnel. If the facial featureof the first requester 1450 a matches one of the facial features of theauthorized personnel, the ECD-b 1404 b may send a first positive matchsignal to the third gateway 1402 c. The third gateway 1402 c may routethe first positive match signal to the access control server 1406 a.Upon receiving the first positive match signal, the access controlserver 1406 a may unlock one of the one or more access controlled entrypoints 1408 associated with the ECD-b 1404 b to allow the requester 1450access. If the facial feature of the first requester 1450 a does notmatch one of the facial features of the authorized personnel, the firstrequester 1450 a may not gain access to the entry point 1408 associatedwith the ECD-b 1404 b.

Still referring to FIG. 14, in certain examples, the ECD-d 1404 d maytransmit a second positive match signal of a second requester 1450 b ata first time and a third positive match signal at a second time of thesecond requester 1450 b to the second gateway 1402 b. The second gateway1402 b may route the second positive match signal and the third positivematch signal to the first gateway 1402 a, which may route the second andthird positive match signals to the enterprise server 1406 b. Theenterprise server 1406 b may use the second positive match signal andthe third positive match signal to log access information associatedwith the second requester 1450 b. For example, the enterprise server1406 b may record, into the storage device 1410, the first time as thearrival time of the second requester 1450 b and the second time as thedeparture time on a work day. In another example, the enterprise server1406 b may record the first and second time as the number of accesses tothe one or more access controlled entry points 1408 by the secondrequester 1450 b. The enterprise server 1406 b may also log, based onthe information in the second and third positive match signals, thepremises, equipment, files, locations, and information accessed by thesecond requester 1450 b.

Referring still to FIG. 14, in certain implementations, the ECD-f 1404 fmay transmit a fourth positive match signal of the third requester 1450c to the first gateway 1402 a. The first gateway 1402 a may route thefourth positive match signal to the third party server 1406 c through afirewall 1412. The firewall 1412 may filter information transmittedthrough the firewall 1412 and prevent malicious requesters from gainingunauthorized access. The fourth positive match signal may indicate tothe third party server 1406 c that the third requester 1450 c gainedaccess to the one or more access controlled entry points 1408. Forexample, the fourth positive match signal may indicate to the third partserver 1406 c that the third requester 1450 c accessed a software thatrequires payment to the owner of the third party server 1406 c.

Still referring to FIG. 14, in certain examples, a network administrator1452 may install, manage, update, maintain, and/or control the softwarein the ECD ECDs 1404, the gateways 1402, the access control server 1406a, the one or more access controlled entry points 1408, the enterpriseserver 1406 b, the storage device 1410, and/or the firewall 1412 via aworkstation 1414. The workstation 1414 may be a desktop computer, laptopcomputer, tablet computer, handheld computer, smartphone, or othersuitable computer devices communicatively coupled via a wired orwireless connection to the third gateway 1402 c. The networkadministrator 1452 may transmit software commands from the workstation1414 to the third gateway 1402 c to be routed to a destination. In someexamples, the network administrator 1452 may upgrade the firmware in theECD ECDs 1404. In other examples, the network administrator 1452 mayinstall new software onto the access control server 1406 a. In anotherexample, the network administrator 1452 may perform maintenanceoperations, such as disk error check and defragmentation, on the storagedevice 1410. In yet another example, the network administrator 1452 maylock down or open the one or more access controlled entry points 1408 inan emergency.

Referring to FIG. 14, in some implementations, an employee 1454, such asa supervisor, may utilize a requester terminal 1416 to accessinformation through the second gateway 1402 b. The requester terminal1416 may be a desktop computer, laptop computer, tablet computer,handheld computer, smartphone, or other suitable computer devicescommunicatively coupled via a wired or wireless connection to the secondgateway 1402 b. In some examples, the employee 1454 may downloadinformation, such as work hours, arrival time, access history,utilization frequencies, using the requester terminal 1416.

In certain examples, data exchanges within the environment 1400 may beencrypted. Data transmissions between the gateways 1402 and the ECD ECDs1404 may use advanced TLS v1.2 communications with a proprietary keymanagement framework. Data transmitted via TLS v1.2 communications maybe fully encrypted to remove the threat of exposure of the data tounwanted parties. The encryption of the data may be further protected byprotecting the generation of the encrypted keys through the use of thebiometric data as the seed for the generation of the keys. As such, dataexchanged within the environment may be difficult to access byunauthorized requesters.

Further, the gateways 1402 may be used to manage the data and thecreation of a blockchain for the requesters. The first gateway 1402 a,the second gateway 1402 b, and the third gateway 1402 c may each includea blockchain wallet. The wallets will contain the requester personalcredentials required to authenticate to any device or application. Thewallets may be tied to the gateways 1402 to provide cybersecuritymonitoring and to provide the interaction between the wallet and thefacial recognition devices. The ECD ECDs 1404 linked to the personalblockchain may be able to enable a transaction in the blockchain.Communications between blockchain wallets, a ledger for the blockchaintransactions, and the gateways 1402 may use the blockchain protocol. Thepersonal blockchain will also extend to devices that verify more thanone requester, like a bank ATM (not shown). The gateways 1402 willutilize location tracking to move the link binary facial data and thelink to the blockchain ledger between shared devices to improve thesecurity of the transactions and to manage the number of requesters heldwithin each ECD 1404.

Aspects of the present disclosure may be implemented using hardware,software, a cloud network, or a combination thereof and may beimplemented in one or more computer systems or other processing systems.In an aspect of the present disclosure, features are directed toward oneor more computer systems capable of carrying out the functionalitydescribed herein. An example of such the computer system 1500 is shownin FIG. 15. One or more of the gateways 1402, the servers 1406, thefirewall 1412, the workstation 1414, and/or the requester terminal 1416may be implemented based on the computer system 1500.

Referring now to FIG. 15, the computer system 1500 includes one or moreprocessors, such as the processor 1504. The processor 1504 iscommunicatively coupled to a communication infrastructure 1506 (e.g., acommunications bus, cross-over bar, or network). Various softwareaspects are described in terms of this example computer system. Afterreading this description, it will become apparent to a person skilled inthe relevant art(s) how to implement aspects of the disclosure usingother computer systems and/or architectures.

The computer system 1500 may include a display interface 1502 thatforwards graphics, text, and other data from the communicationinfrastructure 1506 (or from a frame buffer not shown) for display on adisplay unit 1530. Computer system 1500 also includes a main memory 208,preferably random access memory (RAM), and may also include a secondarymemory 1510. The secondary memory 1510 may include, for example, a harddisk drive 1512, and/or a removable storage drive 1514, representing afloppy disk drive, magnetic tape drive, optical disk drive, universalserial bus (USB) flash drive, etc. The removable storage drive 1514reads from and/or writes to a removable storage unit 1518 in awell-known manner. Removable storage unit 1518 represents a floppy disk,magnetic tape, optical disk, USB flash drive etc., which is read by andwritten to removable storage drive 1514. As will be appreciated, theremovable storage unit 1518 includes a computer usable storage mediumhaving stored therein computer software and/or data.

Alternative aspects of the present disclosure may include secondarymemory 1510 and may include other similar devices for allowing computerprograms or other instructions to be loaded into computer system 1500.Such devices may include, for example, a removable storage unit 1522 andan interface 1520. Examples of such may include a program cartridge andcartridge interface (such as that found in video game devices), aremovable memory chip (such as an erasable programmable read only memory(EPROM), or programmable read only memory (PROM)) and associated socket,and other removable storage units 1522 and interfaces 1520, which allowsoftware and data to be transferred from the removable storage unit 1522to computer system 1500.

Computer system 1500 may also include a communications interface 1524.Communications interface 1524 allows software and data to be transferredbetween computer system 1500 and external devices. Examples ofcommunications interface 1524 may include a modem, a network interface(such as an Ethernet card), a communications port, a Personal ComputerMemory Card International Association (PCMCIA) slot and card, etc.Software and data transferred via communications interface 1524 are inthe form of signals 1528, which may be electronic, electromagnetic,optical or other signals capable of being received by communicationsinterface 1524. These signals 1528 are provided to communicationsinterface 1524 via a communications path (e.g., channel) 1526. This path1526 carries signals 1528 and may be implemented using one or more of awire or cable, fiber optics, telephone line, cellular link, RF linkand/or other communications channels. In this document, the terms“computer program medium” and “computer usable medium” are used to refergenerally to media such as a removable storage drive 1518, a hard diskinstalled in hard disk drive 1512, and signals 1528. These computerprogram products provide software to the computer system 1500. Aspectsof the present disclosure are directed to such computer programproducts.

Computer programs (also referred to as computer control logic) arestored in main memory 1508 and/or secondary memory 1510. Computerprograms may also be received via communications interface 1524. Suchcomputer programs, when executed, enable the computer system 1500 toperform the features in accordance with aspects of the presentdisclosure, as discussed herein. In particular, the computer programs,when executed, enable the processor 1504 to perform the features inaccordance with aspects of the present disclosure. Accordingly, suchcomputer programs represent controllers of the computer system 1500.

In an aspect of the present disclosure where the method is implementedusing software, the software may be stored in a computer program productand loaded into computer system 1500 using removable storage drive 1514,hard drive 1512, or communications interface 1520. The control logic(software), when executed by the processor 1504, causes the processor1504 to perform the functions described herein. In another aspect of thepresent disclosure, the system is implemented primarily in hardwareusing, for example, hardware components, such as application specificintegrated circuits (ASICs). Implementation of the hardware statemachine so as to perform the functions described herein will be apparentto persons skilled in the relevant art(s).

FIG. 16 illustrates a block diagram of various example systemcomponents, in accordance with an aspect of the present disclosure. FIG.16 shows a communication system 1600 usable in accordance with aspectsof the present disclosure. The communication system 1600 includes one ormore accessors 1660, 1662 and one or more terminals 1642, 1666. In oneaspect, data for use in accordance with aspects of the presentdisclosure is, for example, input and/or accessed by accessors 1660,1662 via terminals 1642, 1666, such as personal computers (PCs),minicomputers, mainframe computers, microcomputers, telephonic devices,or wireless devices, such as personal digital assistants (“PDAs”) or ahand-held wireless devices coupled to a server 1643, such as a PC,minicomputer, mainframe computer, microcomputer, or other device havinga processor and a repository for data and/or connection to a repositoryfor data, via, for example, a network 1644, such as the Internet or anintranet, and couplings 1645, 1646, 1664. The couplings 1645, 1646, 1664include, for example, wired, wireless, and/or fiberoptic links. Inanother example variation, the method and system in accordance withaspects of the present disclosure operate in a stand-alone environment,such as on a single terminal.

Turning now to FIG. 17, an example of a ECD 1404 that is configured toperform access control may analyze a biometric template of a requester1450 to determine whether the requester 1450 is authorized to gainaccess to an entry point (not shown) associated with the ECD 1404. TheECD 1404 may include an optical sensor 1702, an illumination source1704, a display 1706, a keypad 1708, and a scanner 1710.

In some implementations, the optical sensor 1702 may be configured tocapture still or moving images. For example, the optical sensor 1702 maycapture the fingerprints, the iris patterns, the facial features, thesignature patterns, the shapes of the ears, the retinal patterns, thegait, and/or the hand geometry of the requester 1450. In some examples,the optical sensor 1702 may be a broadband camera configured to detectelectromagnetic radiation having wavelengths ranging from 200 nanometers(e.g., soft UV) to 2000 nanometers (e.g., near infra-red (NIR)). In aparticular example, the optical sensor 1702 is configured to detectradiation between 700 to 900 nanometers. In certain implementations, theoptical sensor 1702 may include a motion sensor configured to detectpeople approaching the ECD 1404.

In certain examples, the optical sensor 1702 may include a wide anglelens (e.g., such as a fisheye lens) used to provide both vertical areacoverage to capture faces across the full range of human heights (aswell as addressing American's With Disabilities Act requirements) and toprovide horizontal coverage of the complete area of an access point toaddress more than one person accessing the secure area on oneauthentication. In other examples, the optical sensor 1702 may employ ahigh resolution (e.g., megapixel per square inch) charge coupled device(CCD) array. The high resolution array may provide the ability toidentify faces at a greater distance from the sensor. The ECD 1404 maytake advantage of the increased distance of identification topre-identify requesters in queuing situations. Potential requesters maybe identified as they enter a queuing area and a placed in a prioritylist to accelerate the confirmation at the access controlled entry pointand discharge of the queue. The pre-identification and prioritizing ofindividuals in the identification process at the access point enableshigh volume throughput at the entry point by reducing the identificationtime during the identification and authentication process.

In certain implementations, the illumination source 1704 may emitelectromagnetic radiation having wavelengths ranging from 200 nanometersto 2000 nanometers. In certain examples, the illumination source 1704may emit non-visible radiation between 700 to 900 nanometers and/or200-300 nanometers. The illumination source 1704 may emit radiation toilluminate bodily features and patterns of the requester 1450 used forbiometric analysis (analyzing biometric template to determine accessrights). The emitted radiation may impinge on a portion of a body of therequester 1450, and reflect off of the portion of the body. Thereflected radiation may be captured by the optical sensor 1702 forbiometric analysis.

In some implementations, the display 1706 may present useful informationto the requester 1450. For example, the display 1706 may show one ormore images of a face 1730 of the requester 1450, captured by theoptical sensor 1702, to assist the requester 1450 in aligning the face1730 during biometric analysis. In another example, the display 1706 maynotify the requester 1450 a status of the entry point associated withthe ECD 1404 (e.g., locked down, temporarily unavailable, normaloperations, under maintenance). In yet another example, the display 1706may display information such as time, date, weather, current location,etc.

Still referring to FIG. 17, the keypad 1708 may allow the requester 1450to enter numbers, symbols, and alphabets into the ECD 1404. In anexample, the requester 1450 may enter a password in addition to thebiometric analysis to gain access to the entry point.

In some implementations, the scanner 1710 may be a radio frequencyidentification (RFID) scanner, a proximity card scanner (e.g., HID™ cardscanner), a contact card scanner, or a magnetic card scanner. In anexample, the scanner 1710 may send an interrogatory signal to aproximity card (not shown) having a coil and an integrated circuit witha programmable or non-programmable identification sequence. Theinterrogatory signal may be “absorbed” by the coil and may energize theintegrated circuit. In response, the energized integrated circuit sendsa response signal including the identification sequence back to thescanner 1710 via the coil. The scanner 1710, in turn, analyzes theidentification sequence to determine whether or not to grant access. Theidentification sequence may be one or more numbers, alphabets, symbols,and/or a combination thereof.

Still referring to FIG. 17, in an implementation, the requester 1450 mayapproach the ECD 1404 during operations. The optical sensor 1702 maydetect the requester 1450. In response to the detection, theillumination source 1704 may emit incident NIR radiation 1760 toward therequester 1450. The incident NIR radiation 1760 may impinge on the face1730 of the requester 1450, and reflect off of the face 1730 of therequester 1450. In some implementations, the optical sensor 1702 maydetect detected NIR radiation 1762 originating from the surface of theface 1730. The detected NIR radiation 1762 may include reflectedincident NIR radiation 1760 and/or NIR radiation emitted from therequestor 1450 due to thermal heating (i.e., black body radiation). Theintensity and distribution of the detected NIR radiation 1762 may dependon the intensity and angle of the incident NIR radiation 1760, thecontour of the face 1730, angle of detection by the optical sensor 1702,and other factors. The ECD 1404 may use the detected NIR radiation 1762to construct a facial template (the “NIR sampled profile”) of therequester 1450. The ECD 1404 may compare the constructed NIR sampledprofile with existing templates stored therein (details describedbelow). If the ECD 1404 detects a match, the ECD 1404 may allow therequester 1450 access to the entry point (as described above).

In some examples, a NIR sampled profile generated via NIR radiationdetection may be resistant to changes in ambient lighting. As ambientlighting fluctuates (e.g., changes in luminance, color, colortemperature, lighting angle), a NIR sampled profile constructed usingNIR radiation detection may remain sufficiently constant to prevent afalse acceptance or a false rejection. For example, the NIR sampledprofile of the requester 1450 constructed via NIR radiation detectionunder a “bright” condition (e.g., 1000 lux) may be substantiallyidentical to the NIR sampled profile constructed via NIR radiationdetection under a “dark” condition (e.g., 100 lux). In another example,the NIR sampled profile of the requester 1450 constructed via NIRradiation detection under substantially blue light (e.g., CIEcoordinates x=0.153, y=0.100) may be substantially identical to the NIRsampled profile constructed via NIR radiation detection undersubstantially white light (e.g., CIE coordinates x=0.30, y=0.33).

Still referring to FIGS. 14 and 17, in other implementations, a NIRsampled profile generated via NIR radiation detection may improve theprivacy of the owner. For example, the storage device 1410 may store NIRsampled profiles of employees and associated confidential information(e.g., birthdates, email account passwords). If an unauthorized persongains access to the NIR sampled profiles and the associated confidentialinformation, the unauthorized person may not be able to exploit thestolen confidential information because it may be difficult to identifythe employees based on the NIR sampled profiles. Given that the NIRsampled profiles are constructed using, for example, detected NIRradiation, they may be unrecognizable because the NIR sampled profile ofa person may be drastically different from the visual image of the faceof the same person.

In another implementation, the requester 1450 may approach the ECD 1404during operations. The optical sensor 1702 may detect the requester1450. In response to the detection, the illumination source 1704 mayemit incident UV radiation 1760 (e.g., electromagnetic radiations havingwavelengths between 315-390 nanometers) toward the requester 1450. Theincident UV radiation 1760 may impinge on the face 1730 of the requester1450, and reflect off of the face 1730 of the requester 1450. In certainexamples, the incident UV radiation 1760 may penetrate the surface ofthe face 1730 and reflect off of subdermal features of the face 1730(e.g., dermis, subcutaneous tissue, muscles, imperfections). In someimplementations, the optical sensor 1702 may detect detected UVradiation 1762 originating from the surface and/or subdermal features ofthe face 1730. The detected UV radiation 1762 may include reflectedincident UV radiation 1760. The intensity and distribution of thedetected UV radiation 1762 may depend on the intensity and angle of theincident UV radiation 1760, the contour of the face 1730, angle ofdetection by the optical sensor 1702, and other factors. The ECD 1404may use the detected UV radiation 1762 to construct a facial template(the “UV sampled profile”) of the requester 1450. The ECD 1404 maycompare the constructed UV sampled profile with existing templatesstored therein (details described below). If the ECD 1404 detects amatch, the ECD 1404 may allow the requester 1450 access to the entrypoint (as described above).

In some examples, a UV sampled profile generated via UV radiationdetection may be resistant to changes in ambient lighting. As ambientlighting fluctuates (e.g., changes in luminance, color, colortemperature, lighting angle), a UV sampled profile constructed using UVradiation detection may remain sufficiently constant to prevent a falseacceptance or a false rejection. For example, the UV sampled profile ofthe requester 1450 constructed via UV radiation detection under a“bright” condition (e.g., 1000 lux) may be substantially identical tothe UV sampled profile constructed via UV radiation detection under a“dark” condition (e.g., 100 lux). In another example, the UV sampledprofile of the requester 1450 constructed via UV radiation detectionunder substantially blue light (e.g., CIE coordinates x=0.153, y=0.100)may be substantially identical to the UV sampled profile constructed viaNIR radiation detection under substantially white light (e.g., CIEcoordinates x=0.30, y=0.33).

Still referring to FIGS. 14 and 17, in other implementations, a UVsampled profile generated via UV radiation detection may improve theprivacy of the owner. For example, the storage device 1410 may store UVsampled profiles of employees and associated confidential information(e.g., birthdates, email account passwords). If an unauthorized persongains access to the UV sampled profiles and the associated confidentialinformation, the unauthorized person may not be able to exploit thestolen confidential information because it may be difficult to identifythe employees based on the UV sampled profiles. Given that the UVsampled profiles are constructed using, for example, detected UVradiation, they may be unrecognizable because the UV sampled profile ofa person may be drastically different from the visual image of the faceof the same person. A sampled profile may be a rendering of the datasetthat visualizes the consistency of position within the three arrays. Ifthe sampled profile is compromised, it may be more difficult to obtainbiometric information used to identify the individual.

In some examples, the ECD 1404 may generate a visible-light sampledprofile based on detected visible-light reflected from the face 1730 ofthe requester 1450.

In certain implementations, the requestor 1450 may be asked to provide apassword, a personal identification number (PIN), and/or a valid HID™card to be used in conjunction with the constructed sampled profile togain access to the entry point associated with the ECD 1404.

In other implementations, the ECD 1404 may include a microphone (notshown in FIG. 17) to perform voice recognition.

In some examples, the display 1706 may show the face 1730 of therequester 1450 as imaged by the optical sensor 1702. The display 1706may include alignment marks (not shown) to assist the requester 1450 inaligning the face 1730 with respect to the optical sensor 1702. Thisalignment process may minimize false acceptances and false rejectionsdue to misalignment. In certain implementations, the ECD 1404 may be apocket-sized mobile device powered by rechargeable batteries.

Referring to FIG. 18, in some implementations, the ECD 1404 may includea processor 1802 having a communication module 1852 configured tocommunicate with the gateways 1402 and other ECD ECDs 1404 as describedin this disclosure. The communication module 1852 may be implemented ashardware in the processor 1802 for example, as software code executed bythe processor 1802, or a combination thereof. The processor 1802 mayalso include a security module 1854 configured to encrypt and/or decryptdata. The security module 1854 may be implemented as hardware in theprocessor 1802 for example, as software code executed by the processor1802, or a combination thereof. The processor 1802 further includes analgorithm module 1856 for constructing and comparing biometric templatesas described throughout this disclosure. Alternatively, thecommunications with the Gateway may be facilitated by a processor in thecontrol panel. The algorithm module 1856 may be implemented as hardwarein the processor 1802 for example, as software code executed by theprocessor 1802, or a combination thereof. The processor 1802 may furtherinclude a parallel computation module 1858 for performing distributedprocessing. The parallel computation module 1858 may be implemented ashardware in the processor 1802 for example, as software code executed bythe processor 1802, or a combination thereof. The processor 1802 mayinclude one or more processors or cores, and may be implemented as asemiconductor processor, graphical processing unit, a field programmablegate array, a programmable logic device, a processing cluster, anapplication specific integrated circuit, or other suitablearchitectures.

The ECD 1404 includes a memory 1804. The memory may be static or dynamicmemory such as flash memory, random access memory, magnetic memory, orsemiconductor memory. The memory 1804 may include external memory suchas a cloud storage. The memory 1804 may include or store applicationsand/or computer executable code. The ECD 1404 further includes a modem1808 for communicating with the gateways 1402 and other ECD ECDs 1404,and may operate in cooperation with the communication module 1852. TheECD 1404 also includes a RAM 1806, such as static or dynamic randomaccess memory (RAM). The ECD 1404 may also include an Input/Output (I/O)device 1810 communicatively coupled to the display 1706, the opticalsensor 1702, the keypad 1708, and the scanner 1710. The componentswithin the ECD 1404 may be interconnected by an internal bus 1812 a. Theprocessor 1802, the memory 1804, the RAM 1806, and the internal bus 1812a may be disposed on a processing board 1820.

Referring now to FIG. 19, another example of the ECD 1404 may include anumber of processing boards 1820 interconnected by an external bus 1812b. Each processing board 1820 may include the processor 1802, the memory1804, the RAM 1806, and the internal bus 1812 a. Data distributed amongthe processing boards 1820 may be distributed by a controller 1814 viathe external bus 1812 b. In a non-limiting example, the ECD 1404 maydownload (from the gateways 1402) 240,000 biometric templates ofpotential requestors. The controller 1814 may distribute the 240,000biometric templates evenly or unevenly among the processing boards 1820such that each processing board 1820 may store, in the respective memory1804, 30,000 biometric templates. In some implementations, eachprocessing board 1820 may store the same or different number ofbiometric templates.

Still referring to FIG. 19, in an example, during operations, the ECD1404 may construct a sampled profile (e.g., UV or NIR) of the requestor1450 based on the detected NIR radiation 1762. The controller 1814 maydistribute copies of the constructed sampled profile to each of theprocessing boards 1820. In some implementations, the processing boards1820 may simultaneously compare the duplicated sampled profiles with thelocally stored biometric templates (e.g., 30,000 stored in eachprocessing board 1820). While the current example of the ECD 1404 shownin FIG. 19 includes eight processing boards 1820, other numbers ofprocessing boards 1820 may also be used. For example, the ECD 1404 mayinclude 2, 4, 6, 8, 12, 16, 32 or 64 processing boards 1820.

In an implementation, the ECD 1404 may rely on remote processing boards(not shown) to perform the distributed computing described above. Forexample, the ECD 1404 may send the duplicated sampled profiles to theremote processing boards to jointly and simultaneously implement thealgorithm (described below) for matching the duplicated sampled profiles(or the numerical representation of the duplicated sampled profiles) toknown biometric templates. The processing boards may be within other ECDECDs within the network. In certain examples, the ECD 1404 may send theduplicated sampled profiles to a Beowulf cluster. The clustering designmay employ inter-process and inter-processor protocols to shareprocessing tasks of the same application between both processors and theprocessing cores within those processors. In the case of facialrecognition, processor-intensive operations like facial verification mayutilize multiple processors or multiple cores to complete the operationwithin an acceptable period of time. In some cases, large multi-coreprocessors may be used for this type of operation. In other cases, theoperation may be spread across several advanced RIISC machine (“ARM”)processors to accomplish the same performance as the single multi-coreprocessor without the high hardware cost and potential for a singlepoint of failure.

Referring back to FIG. 14, in a non-limiting example of distributedparallel comparison, the first gateway 1402 a may download 600,000biometric templates of potential requesters (e.g., employees andcontractors) from the enterprise server 1406 b. The first gateway 1402 amay distribute 100,000 biometric templates to each of the ECD-e 1404 eand the ECD-f 1404 f, and 200,000 biometric templates to each of thesecond gateway 1402 b and the third gateway 1402 c. Next, the secondgateway 1402 b may distribute 100,000 biometric templates to each of theECD-c 1404 c and the ECD-d 1404 d, and the third gateway 1402 c maydistribute 100,000 biometric templates to each of the ECD-a 1404 a andthe ECD-b 1404 b. Consequently, the 600,000 biometric templatesdownloaded from the enterprise server 1406 b may be evenly distributedamong the ECD ECDs 1404 (i.e., 100,000 non-overlapping templates each).In some implementations, when the ECD-b 1404 b constructs a sampledprofile (UV or NIR) of the first requester 1450 a, the ECD-b 1404 b mayduplicate the constructed sampled profile and distribute the duplicatedsampled profiles to the ECD-a 1404 a, ECD-c 1404 c, ECD-d 1404 d, ECD-e1404 e, and ECD-f 1404 f (via one or more gateways 1402). The ECD ECDs1404 may compare the duplicated sampled profile of the first requester1450 a with the 100,000 templates stored locally to determine a match.The ECD-a 1404 a, ECD-c 1404 c, ECD-d 1404 d, ECD-e 1404 e, and ECD-f1404 f may send (via one or more gateways 1402) the result of thecomparison back to the ECD-b 1404 b. The ECD-b 1404 b may gather theresults and determine whether to grant access to the first requester1450 a. In other implementations, the biometric templates may beunevenly distributed among the ECD ECDs 1404.

Referring now to FIG. 20, the ECD 1404 may generate a sampled profile2000 based on measuring the intensity of the detected radiation 1762from the face 1730 of the requester 1450. The sampled profile 2000 mayinclude a base matrix 2010 of one or more measurement points 2002. Themeasurement points 2002 may include a value indicative of the intensityof the detected radiation 1762 at a location of the particularmeasurement point. For example, the measurement point-a 2002 a mayindicate an intensity scale value of 2 corresponding to a region 2004 a(e.g., black hair) around the face 1730 of the requester 1450. Themeasurement point-b 2002 b may indicate an intensity scale value of 50that corresponds to a background color. The measurement point-c 2002 cmay indicate an intensity scale value of 21 that corresponds to a region2004 c (e.g., cheeks) on the face 1730 of the requester 1450. In certainexamples, the intensity scale may range from 0 (no reflection) to 100(maximum reflection able to be detected by the optical sensor 1702 ofthe ECD 1404. In an implementation, the intensity scale may measure anabsolute intensity (e.g., brightness) of the measurement points 2002. Inother examples, the sampled profile 2000 may include measurement points2002 for detected radiation 1762 of different wavelengths (e.g., UV,NIR, red, green, blue).

While the sampled profile 2000 in FIG. 20 shows the base matrix 2010 of10×12 measurement points 2002 across the face 1730 of the requester1450, other measurement points density may be possible for the basematrix 2010. For example, the ECD 1404 may generate another sampledprofile using 100×100 measurement points across the face 1730 of therequester 1450. In another example, the ECD 1404 may generate a sampledprofile using 500×500 measurement points. Other measurement pointsdensity are also possible, and may depend on desired accuracy,computational constraints, amount of data storage, etc.

In some implementations, the ECD 1404 may remove measurement points 2002indicating the background.

Turning now to FIG. 21, in one implementation, the ECD 1404 (or theprocessor 1802) may apply the LBP operation to one or more of themeasurement points 2002 within the base matrix 2010. For example, theECD 1404 may perform LBP on the measurement point-d 2002 d, whichincludes an intensity value of 41. The LBP string for the measurementpoint-d 2002 d is 01110100, based on the span of 1 (i.e., performing LBPusing the immediate neighbors, having distance of 1 cell, of themeasurement point-d 2002). The ECD 1404 may track the numbers of LBPstrings for the remaining measurement points 2002 r as shown in a table2100. In some examples, the ECD 1404 may compute 24 of the measurementpoints 2002 as having the LBP string of 00000000, 3 having the LBPstring of 00000001, 11 having the LBP string of 00000010, and 0 havingthe LBP string of 00000011, etc., as indicated in a table 2100. Thetable 2100 may include 256 entries for the possible strings (i.e., 8bits). In some examples, the table 2100 may include 255 entries byeliminating the entry for the “all white” string (11111111) or the “allblack” string (00000000). In some implementations, the data in the table2100 may be plotted as a histogram indicating the number of occurrences(e.g., measurement points 2002) for the possible LBP strings.

In some implementations, based on the distribution of the LBP strings inthe table 2100, the ECD 1404 may determine one or more unique features.The one or more unique features may be non-zero LBP strings occurringfewer than a threshold frequency (e.g., 5), such as LBP strings00000001, 01110100, and 11111100. In another implementations, the one ormore unique features may be the non-zero LBP strings occurring theleast, such as LBP strings 01110100. In some examples, the ECD 1404 maytrack the location the measurement points 2002 having the one or moreunique features. For example, the ECD 1404 may track the coordinate ofthe LBP strings. In some implementations, the one or more uniquefeatures may be the non-zero LBP strings occurring the most.

Turning now FIG. 22, in certain implementations, the ECD 1404 may dividethe base matrix 2010 into one or more sub-matrices. Each sub-matrix mayinclude a macroblock of measurement points. For example, the ECD 1404may divide the base matrix 2010 into a 5×5 sub-matrix 2202, a 3×3sub-matrix 2204, and a 6×6 sub-matrix 2206. When computing the LBPstrings for the measurement points 2002 within the 5×5 sub-matrix 2202,the ECD 1402 may calculate the LBP strings of the measurement points2002 within the 5×5 sub-matrix 2202 using a span of 3 (i.e., calculatingLBP strings using neighbors 3 cells away). Similarly, when computing theLBP strings for the measurement points 2002 within the 3×3 sub-matrix2204, the ECD 1402 may calculate the LBP strings of the measurementpoints 2002 within the 3×3 sub-matrix 2204 using a span of 2. Whencomputing the LBP strings for the measurement points 2002 within the 6×6sub-matrix 2206, the ECD 1402 may calculate the LBP strings of themeasurement points 2002 within the 6×6 sub-matrix 2206 using a span of4. Other sizes for the base matrix, the sub-matrices, and spans arepossible, as determined by the ECD 1402.

In one example, a 100×100 base matrix may be divided into sub-matricesof six different sizes: 10×10, 15×15, 20×20, 30×30, 35×35 and 40×40.Within each of these sub-matrices, the LBP string may be calculated witha different span around the measurement point being calculated tocharacterize the texture/slope of the area surrounding the cell atdifferent coverage areas. The span in pixels from the measurement point2002 to be calculated to each of the neighboring cells for each of thesub-matrix sizes may be 3, 9, 15, 21, 27 and 33. In another example, a200×200 base matrix may include 6 different sub-matrices having sizes of10×10, 20×20, 35×35, 50×50, 65×65, 80×80, and 100×100. The span inpixels from the measurement point 2002 to be calculated to each of theneighboring cells for each of the sub-matrix sizes may be 3, 5, 7, 10,25 and 40. The sub-matrices may overlap in some instances. In certainimplementations, the ECD 1404 may apply LTP computations onto themeasurement points 2002.

Referring now to FIG. 23, in certain examples, the ECD 1404 may convertthe list of binary features derived from the sampled profile into a datasequence that is extensible and capable of being tailored to the uniquetraits of each requester 1450 while still providing a methodology ofobject comparison and matching/verification. A binary feature maycontain three characteristics: the size of the sub-matrix/macroblock,the location of the sub-matrix/macroblock on the sampled profile, andthe Uniform Local Binary Pattern (ULBP) assigned to binary feature. Amacroblock may be a “sub-image” of the image of the face 1730 of therequester 1450. For instance, a macroblock of size 10 is a 10×10 (i.e.,100 measurement points 2002) sub-image of the image of the face 1730. Ina non-limiting example, the location of the macroblock on the image maybe defined by the position of the first pixel in the macroblock locatedin the top, left corner of the macroblock. The position of this pixel isdefined by two values, its distance from the left boundary of the faceimage (x-dimension) and the distance from the top boundary of the faceimage (y-dimension). The final characteristic is the ULBP, which is amathematical methodology for establishing a scalar value for the edgeand texture characteristics of a pixel starting with the top left of theface 1730. For each pixel within the macroblock, a ULBP calculation isperformed. If the calculated ULBP matches the defined ULBP for thatbinary feature, the value of the binary feature is incremented by one.Therefore, the maximum value of a binary feature is the size of thedefined macroblock (10×10 is 100) and the minimum value is zero. Amacroblock may be used in more than one binary feature with a differentULBP definitions. The location of a macroblock may also be used in morethan one binary feature with a different macroblock size and ULBPdefinition.

Still referring to FIG. 23, a table 2300 may illustrate an example ofthe results of the sequence conversion process for macroblocks havingsizes of 10×10, 35×35, 20×20, 30×30, 15×15, 40×40, and 15×15. Threearrays may be used to generate a biometric template. First array may bea scalar value in array normalized. Second array may be sorted so thatbinary feature 2000, which in this example has the highest value, goesto the top of the second array in position 1. Third array compares thedifference in the position of binary feature 2000 in the sort instead ofscalar value. If the position within the array for binary feature 2000remains the same, the results will reflect a value of 0 representing theleast possible change in position and therefore the highest value forsignificance in the authentication method.

Turning now to FIG. 24, a method 2400 of converting a sequence mayidentify the most unique features used for identification.

At block 2402, obtain the sampled profile of the face. For example, theprocessor 1802 and/or the communication module 1825 may obtain thesampled profile of the face 1730.

At block 2404, assign a unique index to each macroblock/ULBPcombination. For example, the algorithm module 1856 may assign a uniqueindex (e.g., 4) to each macroblock/ULBP combination (e.g., macroblock30×30) and analyzing based upon uniqueness of traits within the face andnot on scalar values.

At block 2406, construct a first array of scalar values for eachmacroblock/ULBP combination in the master schema referenced by theschema. For example, the algorithm module 1856 may construct a firstarray of scalar values for each macroblock/ULBP combination in themaster schema referenced by the schema. First array includes number ofpixels that fall within that ULBP within that macro-block. Whenanalyzing the LBP of a pixel, the ECD 1404 may perform normal LBPcalculation and get a histogram that is the value from 0-255, and if theresult is the highest value (standard LBP formula that takes pixel andtakes 8 pixels around it and then each pixel has a different binaryvalue) then the result receives a value of 1. If some other LBP ishigher than that pixel has a 0 value.

At block 2408, weigh each scalar value by the size of the macroblock.For example, the algorithm module 1856 may weigh each scalar value(e.g., 380) by the size of the macroblock (e.g., 30×30).

At block 2410, sort the first array of scalar values in descendingorder. For example, the algorithm module 1856 may sort the elements ofthe first array of scalar values in descending order from, for example,1 to 2165.

At block 2412, convert the associated indices into a sequence. Forexample, the algorithm module 1856 may convert the associated indicesinto a sequence or the sort order of the data set instead of the scalarvalue.

At block 2414, convert the sequence into a second array with a scalarvalue for each unique index that is the distance (difference in positionin array rather than measurement in mm) of the primary index from thebeginning of the sequence array. For example, the algorithm module 1856may convert the sequence into a second array with a scalar value foreach unique index that is the position of the primary index from thebeginning of the sequence array with 2165 elements currently but may beextensible depending upon data for each individual.

Referring to FIG. 25, in certain implementations, a deep learning may beperformed on the full data set to establish the minimum data setrequired to accurately perform facial recognition. The result of thedeep learning may be a reduced data set of binary features that is afraction of the total data set (e.g., 1%, 2%, 5%, 10%, 20%, 50%). Eachelement of data in this data set may be defined by a sub-matrix of aspecific size and location and a single value within the full LBP basematrix. Each data element may be assigned a unique numeric identifier.For the enrollment process, this static data set is used for eachrequester. As each requester continues to verify their faces, theverification data may be collected and through deep learning a new setof binary features may be created for each requester. The introductionof the sequence to the verification algorithm may allow the introductionof this individualized set of binary features and still allow forcomparison between different sets. The matching of two sequences may beachieved by calculating the difference (e.g., the difference in positionof a data set) of the two arrays. The greater the sum the lower thequality of the match. A perfect object match may have a sum ofsubstantially zero.

Still referring to FIG. 25, a table 2500 illustrates an example of theverification calculations. The first step in creating the sequence maybe the sorting of the scalar array by the magnitude of the scalar value.The sort may be performed in descending order. The binary feature uniqueidentification with the largest value is at the top of the sort. Bysorting in this manner, the binary features providing with the mostuniqueness (greatest scalar magnitude) are at the top of the array.After the sort, the new sort position is transferred to that third arrayand the location on the new array is based upon the binary featureunique identification. Binary feature unique identifier is 2000 when itgets sorted it goes to position 1. In third array the 2000 position willreceive a value of 1. This array may be a unique sequence for the objectand is the new basis for object verification and/or matching.

The sequence matching algorithm determines the quality of the match bythe distance of each binary feature unique identification from thebeginning of the sequence. The distance is the index value of the binaryfeature unique identification within the sequence array where the indexvalues are sequentially assigned. To efficiently complete this matchingcalculation, another array is created that contains the distance of eachbinary feature from the beginning of the sequence. As an example, afterthe sort, the binary feature with the unique identification of one is inposition ten of the sorted sequence. In the new array, which iszero-indexed, position one will have a value of ten. By structuring thearray in this manner, the algorithm to perform a match between two ofthese arrays is the same as the original algorithm. The absolute valueof the difference of the values with the matching index is aggregated tocreate a single value for the array match. A lower value equates to acloser match. A perfect match may be substantially a zero value.

By introducing the sequence array, the matching algorithm may beextensible. Sequence array is second array and scalar array is the firstarray (normalized for block size). Extensible may indicate that thefixed list of binary features may now be expanded and contracted asrequired to optimize the process of matching objects while alsoimproving the matching process integrity. In this implementation, thesequence array may be dynamically adjustable based on two separate deeplearning functions based upon the environment of the edge device and thespecific individual face being authorized. The first function may seekto continuously optimize the default list of binary features applied tosome or all object matching attempts prior to the development of anindividual list of binary features. The second function may aggregateimage data on individual objects and over time develop an optimized listof binary features for the face. Once the individualized list of binaryfeatures exceeds the matching performance of the default list of binaryfeatures through parallel object matching trials on incoming objectimage data, the default list of binary features may be replaced with theindividualized list of binary features for that object in the liveobject matching functions.

In certain implementations, the deep learning engine for both processesmay receive sample data in parallel with the live object/face matchingfunctions. As image data is received, two lists of binary features maybe applied to it. The first list may either be the default orindividualized list of reduced binary features. (e.g., three mostimportant blocks out of 100 in 10×10 macroblock). The output of theapplication of this list may be used in the live matching process. Thesecond list may be the full list of binary features, which comprises allpossible macroblock size (e.g., all 100 within the 10×10 macroblock),applied to possible image positions for each ULBP. The complete list ofbinary features may be, for example, twenty times the size of thedefault or individualized list of binary features. The deep learningengine may receive a sequence derived from the complete list of binaryfeatures for each object image received into the system. In the case ofthe default list of binary features deep learning process, the imagesmay be categorized into the training and validating sets. An independentdefault test set may be created including objects different than theobject being learned. In the case of the individualized list of binaryfeatures, each object identified by the default or existingindividualized list of binary features will be placed in the training,validation and test sets. All other object's list may be placed in theverification and test sets.

A deep learning training session for both the default object list ofbinary features and for each individual list of binary features may beexecuted for each new live entry from the object detection system.

Once the eyes detection algorithm locates the eyes, the face matrix ofdata is transferred to the facial recognition algorithm. If the deeplearning algorithm has developed specific list of binary features, thenan aggregate list of these binary features for all users in the systemmay be created and used to generate the sequence. Otherwise, thesequence may be generated using the default set of binary features. Thesequence may be transferred to the verification algorithm where thematching process may determine the identity of the sequence. With theidentity established, a full list of binary features (all sub-matriceswith full LBP histograms) may be generated and transferred to thatidentities data set in the deep learning algorithm. The deep learningalgorithm may process the available data set for that identity (the setmay continue to grow with each verification) and generate a revisedoptimum data set for that identity. The optimized data set may beconverted to a sequence and used in the next verification process forthat user. At the same time the aggregate set of binary features may beupdated if necessary for converting the next face matrix. While theverification process will be within the locale cluster of devices, thedeep learning algorithm may occur within both the locale and globalclusters as a background task.

As the results of the training session refine the list of binaryfeatures, the respective list may be updated in the liveverification/matching process. The result may be a matching systemcapable of automatically adjusting to both the overall object populationand the specific, unique traits of each object. The evolution of theobject data will allow for large scale object matching solutions inexcess of 100,000 objects capable of the same precision as a smallsolution (<1,000).

Referring now to FIG. 26, an example of the deep learning process 2600may rely on feedback loops and machine learning to refine theidentification process.

At block 2602, obtain an image matrix. For example, the processor 1802and/or the communication module 1825 may obtain the sampled profile ofthe face 1730.

At block 2604, determine if the face specific macroblock/ULBP isavailable. For example, the algorithm module 1856 may determine if theface specific macroblock/ULBP is available.

At block 2606, if the custom list of binary features is not available,convert image to face generic detection list of binary features. Forexample, the algorithm module 1856 may convert image to facegeneric/default detection list of binary features if the custom list isnot available.

At block 2608, obtain face detection default sequence. For example, thealgorithm module 1856 may obtain face detection default sequence if themacroblock is not available.

At block 2610, if the custom list of binary features is available,convert image to face detection specific list of binary features. Forexample, the algorithm module 1856 may convert image to face detectionspecific list of binary features if the custom list of binary features(could be in original 2165 or could be all new ones that based upon thatindividual (e.g., 10 additional 10×10 s that are more distinctive forthat particular individual) is available.

At block 2612, perform face detection. For example, the algorithm module1856 may perform face detection.

At block 2614, perform eye detection and location. For example, thealgorithm module 1856 may perform eye detection and location.

At block 2616, convert image to full list of binary features. Forexample, the algorithm module 1856 may convert image to full list ofbinary features. (not just 57, but all 100 of 10×10 of macroblocks andinclude all values). Tensor flow is the deep learning engine frameworkprovided by Google™. Equation and algorithm for tensor flow is wellknown in the art.

At block 2618, develop face detection list of binary features usingtensor flow deep learning. For example, the algorithm module 1856 maydevelop face detection list of binary features using tensor flow deeplearning.

At block 2620, feedback face detection refined sequence. For example,the algorithm module 1856 may feedback face detection refined sequence.To refine the list of features, the ECD 1404 may take entire feature setand collect all data for face and derive a new refined set that replacesthe default set. Distance calculation between the position of the binaryfeature within two sets may be used as metrics. Every feature would bein the same position every time. As face data get better face to facecomparison will get smaller and the difference between this face and allothers will get larger.

Turning now to FIG. 27, the example of the deep learning process 2600shown in FIG. 26 may rely on feedback loops and machine learning torefine the identification process. Rather than centralizing process ofdeep learning data that is subject to hacking if stored in a centralserver (tensor flow single application operating on a single centralserver) particularly on the cloud, the present disclosure may use tensorflow in a distributed architecture to evaluate at each reader that isprivacy protected on all individual devices rather than stored in onecentral server.

At block 2614, perform eye detection and location. For example, thealgorithm module 1856 may perform eye detection and location.

At block 2702, obtain face detection specific list of binary features.For example, the algorithm module 1856 may obtain face detectionspecific list of binary features if the macroblock is available.

At block 2704, obtain facial recognition default list of binaryfeatures. For example, the algorithm module 1856 may convert image toface generic detection list of binary features if the specific list ofbinary features for that individual is not available.

At block 2706, determine if the face specific list of binary features isavailable. For example, the algorithm module 1856 may determine if theface specific list of binary features is available. Custom list ofbinary features may include the original 2165 or could be all new onesthat are based upon that individual (e.g., 10 additional 10×10s that aremore distinctive for that particular individual).

At block 2708, if the face specific list of binary features is notavailable, convert image to face generic list of binary features. Forexample, the algorithm module 1856 may convert image to face genericlist of binary features if the face specific list of binary features isnot available.

At block 2710, if the face specific list of binary features isavailable, convert image to face specific list of binary features. Forexample, the algorithm module 1856 may convert image to face specificlist of binary features if the face specific list of binary features isavailable.

At block 2712, convert list of binary features to sequences. Forexample, the algorithm module 1856 may convert list of binary featuresto sequences.

At block 2714, perform verification. For example, the algorithm module1856 may perform verification.

At block 2716, convert image to full list of binary features. Forexample, the algorithm module 1856 may convert image to full list ofbinary features.

At block 2718, develop face specific list of binary features usingtensor flow deep learning. For example, the algorithm module 1856 maydevelop face specific list of binary features using tensor flow deeplearning. (not just 57 as is typical with LBP, but all 100 of 10×10 ofmacroblocks and include all values). Tensor flow is the deep learningengine framework provided by Google™. Equation and algorithm for tensorflow is well known in the art.

In some examples, the gateway 1402 and/or the ECD 1404 may includeproactive algorithms to identify and reduce “consistency-collisions”during the verification process. A “consistency-collisions” may occurwhen one or more requesters have unique facial data that causes amistake (i.e., false acceptance or false reject) in the verification.The gateway 1402 and/or the ECD 1404 may seek out potential‘consistency-collisions’ proactively using two methods of the presentdisclosure described below.

The ‘Layered Reinforcement’ algorithm may allow the requester to createa binary tree structure for the facial data. The binary data may createa hierarchy of data points (e.g., LBP string) based on the uniqueness ofthe data points. The greater the uniqueness the higher up on the tree.Every verification transaction may result in the transfer of the binaryfacial data from the ECD 1404 to the gateway 1402. When the gateway 1402receives the binary facial data, it may begin checking the uniqueness ofthe new data's binary tree structure against the data of the otherrequesters 1450 stored. When it identifies a potential collision, thegateway 1402 may notify the ECD 1404 to escalate verificationtransactions between the two identified requesters 1450 to the gateway1404. When the gateway 1404 receives an escalated transaction it mayperform two advanced algorithms (i.e., the Proactive CollisionIdentification Algorithm and the Time-Domain Trending Algorithm) on thedata. Binary tree may take most distinctive features and establishhierarchy based upon most and least distinctive. Prioritized tree mayreduced analysis based on 20 rather than 2165 saving time andcomputing/processing. Based upon the branches of the tree off the mostdistinctive features may allow the ECD 1404 to determine if this is oris not the person rather than going thru all 2165 features. Thresholdsmay be empirical and derived from testing.

The first advanced algorithm, the Proactive Collision IdentificationAlgorithm, may take the binary tree data and analyze the facial databased on its location in the binary tree. The binary tree data may beweighted. If the weighting of the binary data does not yield asufficient differentiation of the data, the gateway 1402 may extend theverification process to find adequate differentiation data.

In some implementations, the facial characteristics of requesters maycontinuously change. If the biometric data of a face, such as the face1730 of the requester 1450, remains static, the identification of theface may ultimately result in false rejections, requiring there-enrollment of the face 1730. Dynamic adjustments to the biometricdata may be continuously applied and algorithms may determine whetherthe proposed change is not the introduction of a different face into thebiometric data resulting in a false acceptance on the face 17303. Withevery iteration of the biometric data, the algorithm must determine theamount of biometric data to retain to insure the next successfulidentification of the requester 1450 and the amount to change to insurethe long-term identification of the requester 1450. The determinationmay be made by a combination of a time-domain analysis where the changesare regressed to insure linearity and facial regional analysis todetermine if the area of change is rational.

The use of this dynamic data capability leads to the second algorithm,the Time-Domain Trending Algorithm. The gateway 1402 may maintain thehistory of the binary data of the requester 1450 and perform atime-domain based analysis of the data to assess what features arechanging when the history of the binary data of requester 1450 iscompared with face 1730 and the speed with which these features arechanging. The gateway 1402 may track the evolution of the face and usesthis data to extrapolate and reinforce the unique differences identifiedin the face 1730 of the requester 1450 to establish and later emphasizecore features or baseline features and assess the rate of change inthese core features for the face 1730. The gateway 1402 then determinesusing time-domain based analysis whether these changes are taking placeover a time period to suggest natural changes in the face 1730,artificial changes in face 1730 warranting further analysis, or amismatch of the history of binary data of the requester 1450 with theface 1730. The gateway 1402 may identify the unique differences andverify that the differences identified in the verification request areconsistent with the trending over time. In some implementations, thegateway 1402 may factor in lifestyle and daily routines of the requester1450 in the Time-Domain Trending Algorithm. For example, if therequester 1450 enjoys outdoor activities, the Algorithm may factor inincreased tanning during the summer season. The Proactive CollisionIdentification Algorithm combined with the Time-Domain TrendingAlgorithm allows the method of this embodiment of the invention tomaintain its high performance in a large population ‘1:N’ solution.

In some implementations, the Time-Domain Trending Algorithm may reducethe change over time in the biometric data into one or more equationsthat characterize the change over time (e.g., curve fitting algorithms).The linearity of the one or more equations over time may determine theintegrity of the changes. If a particular area of the change isrepresented as a discrete function, the change may be flagged as apotential threat (e.g., disguise, incorrect match). The changes may alsobe evaluated based on the physical location of the pixel box on theface. Locations may be weighted based on the probability of change inthat area of the face. Significant changes in low probability changeareas will be flagged as a potential threat.

Turning now to FIG. 28, referencing figures above, in someimplementations, a method 2800 of constructing a biometric template maybe performed by the ECD 1404.

In optional implementations, the method 2800 may perform an enrollmentprocess. The enrollment process may include the ECD 1404 capturing aplurality of images (e.g., 5, 10, 15, 20, 30, 50) of the face 1730. TheECD 1404 may convert the plurality of images to biometric data asdescribed above.

At block 2802, emitting an incident non-visible light. For example, theillumination source 1704 may emit an incident non-visible light. Thenon-visible light may include near IR or UV. In some implementations,the illumination source 1704 may emit a visible light.

At block 2804, detecting a detected non-visible light, wherein thedetected non-visible light includes a reflected non-visible light and aradiated non-visible light. For example, the optical sensor 1702 maydetect a detected non-visible light, wherein the detected non-visiblelight includes a reflected non-visible light and a radiated non-visiblelight. In some implementations, the optical sensor 1702 may detect IRlight reflected off of the face 1730 of the requester 1450 and/or IRlight radiated due to the heat of the requester 1450.

At block 2806, generating a sampled profile including a plurality ofsampling points having a plurality of characteristic values associatedwith the detected non-visible light. For example, the algorithm module1856 may generate a sampled profile, such as the sampled profile 2000,including a plurality of sampling points having a plurality ofcharacteristic values associated with the detected non-visible light.

At block 2808, identifying one or more macroblocks each includes asubset of the plurality of sampling points. For example, the algorithmmodule 1856 may identify one or more macroblocks each includes a subsetof the plurality of sampling points. The one or more macroblocks may bea 10×10 macroblock, a 15×15 macroblock, a 20×20 macroblock, a 30×30macroblock, a 35×35 macroblock, and a 40×40 macroblock. Other sizes arepossible. In some implementations, the ECD 1404 may identify 2165macroblocks having 2165 associated dimensions.

At block 2810, selecting a local pattern value. For example, thealgorithm module 1856 may select a local binary pattern value of 20. Inother examples, the algorithm module 1856 may select a local ternarypattern value.

At block 2812, calculating a number of occurrences of the local patternvalue within each subset of the plurality of the sampling points foreach of the one or more macroblocks. For example, the algorithm module1856 may calculate a number of occurrences of the local pattern valuewithin each subset of the plurality of the sampling points for each ofthe one or more macroblocks.

At block 2814, generating a first array including a plurality ofweighted values by calculating the plurality of weighted values based onthe numbers of occurrences of the local pattern value and correspondingsizes of the one or more macroblocks. For example, the algorithm module1856 may generate a first array including the weighted values shown inthe table 2300 (i.e., [0.30 0.54 0.15 0.42 0.62 0.46 0.53]).

At block 2816, assigning a unique index to each of the plurality ofweighted values. For example, the algorithm module 1856 may assignunique indices (i.e., 1, 2, 3, 4, 5, 6, and 7) to each of the pluralityof weighted values shown in the table 2300. The unique index 1 isassigned to the weighted value of 0.30, 2 to 0.54, 3 to 0.15 . . . ,etc.

At block 2818, generating a second array of the unique index by rankingthe plurality of weighted values. For example, the algorithm module 1856may generate a second array of the unique index by ranking the pluralityof weighted values, such as the sequence 5, 2, 7, 6, 4, 1, 3 in thetable 2300. In some implementations, the second array/sequence mayindicate a ranking of the weighted values from the highest to thelowest. The first number in the sequence is 5 because the weighted value(i.e., 0.62) associated with the unique index of 5 is the highest amongthe elements of the first array.

At block 2820, generating a third array including a plurality of rankingdistances. For example, the algorithm module 1856 may generate a thirdarray including a plurality of ranking distances, such as the storedarray [5 1 6 4 0 3 2] in the table 2300. A ranking distance may indicatea numerical difference between the ranks of the highest weighted value(e.g., 0.62-rank 1) and the current weighted value (e.g., 0.30-rank 6).Therefore, the ranking distance between 0.62 and 0.30 may be 5 (i.e.,6-1).

In some optional implementations, during the verification process, thebiometric data based on the sampled profile (the “requestor biometricdata”) may be compared to the biometric data of the plurality of imagescaptured during the enrollment process (the “enrollment biometricdata”). If the matching percentage exceeds a threshold percentage (e.g.,20, 30, 40, 50, 60, 70, or 80), the ECD 1404 and/or one of the gateways1402 may determine that the requestor biometric data is a positive matchand the verification is successful.

In certain aspects, the ECD 1404 and/or one of the gateways 1402 mayadjust the enrollment biometric data over time to accommodate anychanges to the face 1703 due to, for example, sun tan, aging, injuries,mood change, weight change, facial hair change, cosmetics usage,accessories, or other causes. During each verification, the ECD 1404and/or one of the gateways 1402 may adjust a portion (e.g., 20%, 30%,40%, 50%) of the enrollment biometric data. Another portion of thebiometric data may remain unchanged.

It will be appreciated that various implementations of theabove-disclosed and other features and functions, or alternatives orvarieties thereof, may be desirably combined into many other differentsystems or applications by one ordinarily skilled in the art. Also thatvarious presently unforeseen or unanticipated alternatives,modifications, variations, or improvements therein may be subsequentlymade by those skilled in the art which are also intended to beencompassed by the following claims.

The above detailed description set forth above in connection with theappended drawings describes examples and does not represent the onlyexamples that may be implemented or that are within the scope of theclaims. The term “example,” when used in this description, means“serving as an example, instance, or illustration,” and not “preferred”or “advantageous over other examples.” The detailed description includesspecific details for the purpose of providing an understanding of thedescribed techniques. These techniques, however, may be practicedwithout these specific details. For example, changes may be made in thefunction and arrangement of elements discussed without departing fromthe scope of the disclosure. Also, various examples may omit,substitute, or add various procedures or components as appropriate. Forinstance, the methods described may be performed in an order differentfrom that described, and various steps may be added, omitted, orcombined. Also, features described with respect to some examples may becombined in other examples. In some instances, well-known structures andapparatuses are shown in block diagram form in order to avoid obscuringthe concepts of the described examples.

Information and signals may be represented using any of a variety ofdifferent technologies and techniques. For example, data, instructions,commands, information, signals, bits, symbols, and chips that may bereferenced throughout the above description may be represented byvoltages, currents, electromagnetic waves, magnetic fields or particles,optical fields or particles, computer-executable code or instructionsstored on a computer-readable medium, or any combination thereof.

The various illustrative blocks and components described in connectionwith the disclosure herein may be implemented or performed with aspecially-programmed device, such as but not limited to a processor, adigital signal processor (DSP), an ASIC, a FPGA or other programmablelogic device, a discrete gate or transistor logic, a discrete hardwarecomponent, or any combination thereof designed to perform the functionsdescribed herein. A specially-programmed processor may be amicroprocessor, but in the alternative, the processor may be anyconventional processor, controller, microcontroller, or state machine. Aspecially-programmed processor may also be implemented as a combinationof computing devices, e.g., a combination of a DSP and a microprocessor,multiple microprocessors, one or more microprocessors in conjunctionwith a DSP core, or any other such configuration.

The functions described herein may be implemented in hardware, softwareexecuted by a processor, firmware, or any combination thereof. Ifimplemented in software executed by a processor, the functions may bestored on or transmitted over as one or more instructions or code on anon-transitory computer-readable medium. Other examples andimplementations are within the scope and spirit of the disclosure andappended claims. For example, due to the nature of software, functionsdescribed above can be implemented using software executed by aspecially programmed processor, hardware, firmware, hardwiring, orcombinations of any of these. Features implementing functions may alsobe physically located at various positions, including being distributedsuch that portions of functions are implemented at different physicallocations. Also, as used herein, including in the claims, “or” as usedin a list of items prefaced by “at least one of” indicates a disjunctivelist such that, for example, a list of “at least one of A, B, or C”means A or B or C or AB or AC or BC or ABC (i.e., A and B and C).

Computer-readable media includes both computer storage media andcommunication media including any medium that facilitates transfer of acomputer program from one place to another. A storage medium may be anyavailable medium that can be accessed by a general purpose or specialpurpose computer. By way of example, and not limitation,computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or otheroptical disk storage, magnetic disk storage or other magnetic storagedevices, or any other medium that can be used to carry or store desiredprogram code means in the form of instructions or data structures andthat can be accessed by a general-purpose or special-purpose computer,or a general-purpose or special-purpose processor. Also, any connectionis properly termed a computer-readable medium. For example, if thesoftware is transmitted from a website, server, or other remote sourceusing a coaxial cable, fiber optic cable, twisted pair, digitalsubscriber line (DSL), or wireless technologies such as infrared, radio,and microwave, then the coaxial cable, fiber optic cable, twisted pair,DSL, or wireless technologies such as infrared, radio, and microwave areincluded in the definition of medium. Disk and disc, as used herein,include compact disc (CD), laser disc, optical disc, digital versatiledisc (DVD), floppy disk and Blu-ray disc where disks usually reproducedata magnetically, while discs reproduce data optically with lasers.Combinations of the above are also included within the scope ofcomputer-readable media.

What we claim is:
 1. A method, comprising: generating a sampled profileof a requester, wherein the sampled profile includes a plurality ofsampling points, identifying one or more macroblocks, wherein eachmacroblock includes a coordinate and a subset of the plurality ofsampling points, calculating a number of occurrences of a local patternvalue within each subset of the plurality of the sampling points foreach of the one or more macroblocks; generating a first array includinga plurality of weighted values, wherein each of the plurality ofweighted values is calculated by dividing the corresponding number ofoccurrences of the local pattern value by a size of a correspondingmacroblock of the one or more macroblocks; assigning a unique index toeach of the plurality of weighted values; generating a second array ofthe unique indices by ranking the unique indices based on an associatedweighted value; generating a third array including a plurality ofranking distances between a highest weighted value of the plurality ofweighted values and each weighted value of the plurality of weightedvalues; constructing a biometric template of the requester based on thethird array and the coordinates; comparing the biometric template of therequester with a plurality of authorized biometric templates; matchingthe biometric template of the requester to one of the plurality ofauthorized biometric templates; and transmitting a positive match signalto an access-controlled asset to grant the requester access to theaccess-controlled asset.
 2. The method of claim 1, further comprisesencrypting the biometric template of the requester.
 3. The method ofclaim 1, wherein the access-controlled asset is a vault, a lock, asecure door, a secure gate, a computing device, an equipment, amachinery, an encryption key, a file, a database, a digital rightmanagement content, or a digital storage device.
 4. A security system,comprising: an access-controlled asset; and an edge capture device (ECD)associated with the access-controlled asset, the ECD includes aprocessor configured to: generate a sampled profile of a requester,wherein the sampled profile includes a plurality of sampling points,identify one or more macroblocks each includes a coordinate and a subsetof the plurality of sampling points, calculate a number of occurrencesof a local pattern value within each subset of the plurality of thesampling points for each of the one or more macroblocks; generate afirst array including a plurality of weighted values, wherein each ofthe plurality of weighted values is calculated by dividing thecorresponding number of occurrences of the local pattern value by a sizeof a corresponding macroblock of the one or more macroblocks; assign aunique index to each of the plurality of weighted values; generate asecond array of the unique indices by ranking the unique indices basedon an associated weighted value; generate a third array including aplurality of ranking distances between a highest weighted value of theplurality of weighted values and each weighted value of the plurality ofweighted values; construct a biometric template of the requester basedon the third array and the coordinates; compare the biometric templateof the requester with a plurality of authorized biometric templates;match the biometric template of the requester to one of the plurality ofauthorized biometric templates; and transmit a positive match signal togrant the requester access to the access-controlled asset.
 5. Thesecurity system of claim 4, wherein the processor is further configuredto encrypt the biometric template of the requester.
 6. The securitysystem of claim 4, wherein the access-controlled asset includes a vault,a lock, a secure door, a secure gate, a computing device, an equipment,a machinery, an encryption key, a file, a database, a digital rightmanagement content, or a digital storage device.
 7. The security systemof claim 4, further comprises a gateway configured to: receive thepositive match signal from the ECD; and forward the positive matchsignal to a receiving device.
 8. The security system of claim 4, furthercomprises: a storage device having a database; and a servercommunicatively connected to the storage device, the server isconfigured to: receive a positive match signal having a time from theECD, wherein the positive match signal is associated with the requester;associate the time with the requester; and record the time into thedatabase in the storage device.
 9. The security system of claim 8,wherein the time is associated with an arrival time, a departure time,an access time, or a starting usage time.
 10. The security system ofclaim 4, further comprises a firewall that filters information passingthrough the firewall.
 11. The security system of claim 4, furthercomprises a gateway configured to: receive a first information from acomputing device; and transmit a second information to the ECD, theaccess-controlled asset, a server, a firewall, or a storage device. 12.The security system of claim 11, wherein: the first information and thesecond information include at least one of a software updateinformation, an information request, a maintenance command, an accessrequest, or a command.
 13. The security system of claim 4, furthercomprises a gateway configured to: receive a first information from theECD, the access-controlled asset, a server, a firewall, or a storagedevice; and transmit a second information to a computing device.
 14. Thesecurity system of claim 13, wherein: the first information and thesecond information includes at least one of an acknowledgement, aresponse, a requested information, work hours, an arrival time, accesshistory, or utilization frequencies.
 15. The security system of claim 4,further comprises a gateway configured to create a blockchain associatedwith the requester.
 16. The security system of claim 4, furthercomprises a gateway configured to: receive unencrypted information fromthe ECD; encrypt the unencrypted information using an encryption keyassociated with the requester; and transmit the encrypted information.17. The security system of claim 4, further comprise a gatewayconfigured to: receive encrypted information from the ECD; decrypt theencrypted information using a decryption key associated with therequester; and transmit the decrypted information.
 18. A non-transitorycomputer readable medium having instructions stored therein that, whenexecuted by a processor, cause the processor to: generate a sampledprofile of a requester, wherein the sampled profile includes a pluralityof sampling points, identify one or more macroblocks each includes acoordinate and a subset of the plurality of sampling points, calculate anumber of occurrences of a local pattern value within each subset of theplurality of the sampling points for each of the one or moremacroblocks; generate a first array including a plurality of weightedvalues, wherein each of the plurality of weighted values is calculatedby dividing the corresponding number of occurrences of the local patternvalue by a size of a corresponding macroblock of the one or moremacroblocks; assign a unique index to each of the plurality of weightedvalues; generate a second array of the unique indices by ranking theunique indices based on an associated weighted value; generate a thirdarray including a plurality of ranking distances between a highestweighted value of the plurality of weighted values and each weightedvalue of the plurality of weighted values; construct a biometrictemplate of the requester based on the third array and the coordinates;compare the biometric template of the requester with a plurality ofauthorized biometric templates; match the biometric template of therequester to one of the plurality of authorized biometric templates; andtransmit a positive match signal to an access-controlled asset to grantthe requester access to the access-controlled asset.
 19. Thenon-transitory computer readable medium of claim 18, further comprisesinstructions that, when executed by the processor, cause the processorto encrypt the biometric template of the requester.
 20. Thenon-transitory computer readable medium of claim 18, wherein theaccess-controlled asset is a vault, a lock, a secure door, a securegate, a computing device, an equipment, a machinery, an encryption key,a file, a database, a digital right management content, or a digitalstorage device.